Page 1 of 13 11/7/2013 http://resources.infosecinstitute.com/nsa ...

NSA Surveillance Is Changing Users' Internet Experience
Introduction
Edward Snowden is the former technical assistant for U.S. intelligence whose revelations on U.S. surveillance programs have changed the way Internet users live their online experience more than any other event. The PRISM disclosure has revealed to the world how the NSA and other intelligence agencies spy on Internet users and monitor every communication on every carrier. The highly secret documents leaked are proof of the huge investment made by the U.S. government to support surveillance programs with the collaboration of the principal security firms. The news is disturbing and has shocked public opinion; Internet users know of the presence of Big Brother, an entity that doesn't limit its activities to surveillance, but that in many cases has operated in an invasive way to gather information from unaware private businesses, foreign agencies, and private citizens.

But U.S. intelligence has done much more: according to the latest revelations on the Bullrun program, it put pressure on principal IT vendors to insert backdoors or to disclose encryption keys for their products to allow the monitoring of users' data.

This post will try to analyze the repercussions of the Snowden case on the user's side. How is it changing Internet users' habits? Which countermeasures have been adopted, and which correlated phenomena have been observed by principal security firms?
Surveillance and Anonymizing Networks
Snowden's revelations changed the average user's perception of security and privacy. Not only dissidents and opponents are tracked by authoritarian regimes; democratic America spies on its citizens as well as on foreign users. The situation is becoming even more complicated for the U.S. government; it has passed the stage of embarrassment. Now U.S. intelligence has to elude an aware audience that knows about its methods and is increasing the adoption of countermeasures. The first phenomenon observed just after the diffusion of documents on PRISM was the increase in the number of users of anonymizing networks, most of all the Tor network. The use of the Tor network is considered a must today to preserve a user's anonymity and to avoid government surveillance. The variation in the number of daily Tor users could provide interesting information to intelligence: a sudden reduction in such users could be a sign of intensifying censorship in a particular nation, and an increase is also interpreted as a response to the monitoring carried out by a government in a country free from constraints.

Tor metrics provide all the necessary instruments and data to perform a first analysis, evaluating how an event such as the disclosure of the U.S. surveillance programs has influenced users' online habits. Looking at the following graph, showing the daily directly connecting users since March 1, 2013, it is possible to see that the number of users has more than tripled on the global scale.
Figure 1: Daily directly connecting users
Comparing the above results with the number of users who cannot connect directly to the Tor network and access it via bridges, which are non-public relays, it emerges that the global increase applies mainly to the portion of the audience with limited restrictions on access to Tor. As confirmed by data related to single nations, the significant increase is observable for those countries where there is no censorship. I decided to propose, for example, the statistics related to the countries that The Guardian indicated as the "Eyes" group, five governments that most of all have collaborated on sharing information on their populations and methods of surveillance. These countries are the U.S., the U.K., New Zealand, Australia, and Canada.
Figure 2: U.S. Daily directly connecting users
Figure 3: UK Daily directly connecting users
Figure 4: NZ Daily directly connecting users
Figure 5: Canada Daily directly connecting users
Figure 6: Australia Daily directly connecting users
The graphs show the same trend in almost every country, but there are some considerations that must be raised:
- Is the spike in Tor traffic a consequence exclusively of Snowden's revelations?
- What is the role of non-human generated traffic in this increase?
- Is it possible that someone is abusing the Tor network for research purposes?
- Is Tor really secure?
The Internet population is increasingly aware of the anonymous online Tor network and is exploring its use to avoid the surveillance activities of their governments. The exponential growth was registered on Aug. 20, just a couple of days after David Miranda, partner of The Guardian journalist and blogger Glenn Greenwald, was detained by UK law enforcement at Heathrow Airport for around nine hours. Is it enough to motivate a similar escalation in Tor usage?
PRISM and Traffic Spike in Tor Networks
Let's try to answer the first two questions on the real origin of the traffic that caused the spike in the Tor network. As seen before, after the disclosure of the PRISM surveillance program, an anomalous increase was observed on a global scale in the number of users directly accessing Tor. Various hypotheses have been proposed by researchers; the most plausible is that a meaningful contribution comes from non-human generated traffic.

The spike was registered starting on August 19, 2013, when an impressive growth in the number of Tor users was noticed. Security researchers at the firm Fox-IT discovered a botnet based on the Mevade malware family that hides its C&C in the anonymizing network. The botnet is the most likely cause of the suspicious traffic.
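One way to run this kind of first analysis on daily user estimates, as an added example that is not part of the original article: the two series are constructed for illustration (they are not Tor Metrics data), and the function names, window and threshold are assumptions. It flags days far above a robust baseline and keeps flagged days out of that baseline, so a sustained surge such as a botnet rollout does not quietly become the new normal.

```python
from datetime import date, timedelta
from statistics import median

# Constructed daily user estimates for illustration only (NOT Tor Metrics data).
# Direct users: flat through Aug 18, then a steep climb from Aug 19, 2013.
DIRECT = [510_000, 498_000, 505_000, 520_000, 515_000, 502_000, 508_000,
          512_000, 495_000, 507_000, 518_000, 511_000, 503_000, 509_000,
          514_000, 500_000, 506_000, 513_000,
          640_000, 810_000, 1_020_000, 1_250_000, 1_480_000, 1_700_000]
# Bridge users over the same days: ordinary day-to-day noise, no surge.
BRIDGE = [25_100, 24_900, 25_050, 25_200, 25_150, 25_020, 25_080, 25_120,
          24_950, 25_070, 25_180, 25_110, 25_030, 25_090, 25_140, 25_000,
          25_060, 25_130, 25_160, 25_040, 25_010, 25_170, 25_095, 25_105]


def as_series(counts, start=date(2013, 8, 1)):
    """Pair each constructed count with its calendar day."""
    return [(start + timedelta(days=i), c) for i, c in enumerate(counts)]


def detect_surge(series, window=14, z_threshold=6.0):
    """Return [(day, users, ratio_to_baseline)] for anomalous days.

    The baseline is the median of the last `window` unflagged days and the
    spread is the median absolute deviation (MAD), so a few outliers cannot
    drag the reference upward. window and z_threshold are assumed values.
    """
    baseline = []   # counts from days that were not flagged
    flagged = []
    for day, users in series:
        if len(baseline) >= window:
            ref = baseline[-window:]
            med = median(ref)
            mad = median(abs(v - med) for v in ref) or 1.0  # avoid divide by zero
            # 0.6745 rescales MAD so z is comparable to a standard score.
            z = 0.6745 * (users - med) / mad
            if z > z_threshold:
                flagged.append((day, users, round(users / med, 2)))
                continue  # surge days never enter the baseline
        baseline.append(users)
    return flagged


if __name__ == "__main__":
    for day, users, ratio in detect_surge(as_series(DIRECT)):
        print(f"{day}  {users:>9,}  {ratio:.2f}x baseline")
    print("bridge days flagged:", len(detect_surge(as_series(BRIDGE))))
```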
Figure 7: Mevade bot code (Fox-IT)

"The malware uses command and control connectivity via Tor .onion links using HTTP. While some bots continue to operate using the standard HTTP connectivity, some versions of the malware use a peer-to-peer network to communicate (KAD based). Typically, it is fairly clear what the purpose of malware is, such as banking, clickfraud, ransomware or fake anti-virus malware. In this case however it is a bit more difficult. It is possible that the purpose of this malware network is to load additional malware onto the system and that the infected systems are for sale," states the Fox-IT blog post.
The malware authors consider the use of the Tor network very efficient for the following reasons:
- The botnet traffic is encrypted, which helps prevent detection by network monitors.
- By running as a hidden service, the origin, location, and nature of the C&C are concealed and therefore not exposed to possible takedowns. In addition, since hidden services do not rely on public-facing IP addresses, they can be hosted behind firewalls or NAT-enabled devices such as home computers.
- Hidden services provide a Tor-specific .onion pseudo top-level domain, which is not exposed to possible sinkholing.
- The operator can easily move around the C&C servers just by re-using the generated private key for the hidden service.
The use of the Tor network to hide command infrastructure for a botnet is not a new concept. In September the German security firm G Data Software detected a botnet, dubbed Skynet, controlled from an Internet relay chat (IRC) server running as a hidden service of Tor.

The Mevade malware family is linked to the malicious code "Sefnit," dated 2009, that included Tor connectivity to implement a backup mechanism for its C&C communications with a dedicated module. The Mevade malware was downloading a Tor module in the last weeks of August and early September.

Authors of the Mevade Tor variant appear to use the Russian language. One of them is known as "Scorpion" and, with his colleague having the nickname "Dekadent," is probably part of an organized cyber gang. The monetization schema implemented by the cybercriminals is not known for sure; probably their primary intent is to install adware and toolbars onto victims' systems.

TrendMicro experts revealed that the variant of Mevade identified also has a "backdoor component and communicates over SSH to remote hosts," which makes it particularly suited to data theft.

Members of the Tor Project began an investigation into the spike in usage and confirmed that millions of new Tor clients were part of a Mevade botnet, as they have explained in a blog post:

"The fact is, with a growth curve like this one, there's basically no way that there's a new human behind each of these new Tor clients. These Tor clients got bundled into some new software which got installed onto millions of computers pretty much overnight. Since no large software or operating system vendors have come forward to tell us they just bundled Tor with all their users, that leaves me with one conclusion: somebody out there infected millions of computers and as part of their plan they installed Tor clients on them. It doesn't look like the new clients are using the Tor network to send traffic to external destinations (like websites). Early indications are that they're accessing hidden services: fast relays see 'Received an ESTABLISH_RENDEZVOUS request' many times a second in their info-level logs, but fast exit relays don't report a significant growth in exit traffic. One plausible explanation (assuming it is indeed a botnet) is that it's running its Command and Control (C&C) point as a hidden service."

Tor officials are urging Tor users to upgrade to the newest version of the Tor client, which includes a new handshake feature that Tor relays prioritize over the older handshake. The upgrade will give legitimate new clients an advantage over those who use the older version exploited by the current instance of the Mevade malware.
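A relay operator can check for the pattern the Tor Project describes by counting these requests per second in an info-level log. The script below is an added example, not code from the Tor Project or the original article; the log lines are constructed, and the function names and burst threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample of a relay's info-level log (NOT real log data). Only the
# quoted message text comes from the Tor Project's post; the timestamps,
# function prefix and circuit numbers are made up for the example.
SAMPLE_LOG = """\
Sep 05 10:15:01.120 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40112
Sep 05 10:15:01.340 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40113
Sep 05 10:15:01.610 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40115
Sep 05 10:15:01.900 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40118
Sep 05 10:15:02.050 [notice] Heartbeat: Tor's uptime is 6:00 hours.
Sep 05 10:15:02.210 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40121
Sep 05 10:15:02.480 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40122
Sep 05 10:15:02.730 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40125
Sep 05 10:15:03.400 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40130
truncated line without timestamp
Sep 05 10:15:04.010 [info] rend_mid_establish_rendezvous(): Received an ESTABLISH_RENDEZVOUS request on circuit 40131
"""

# "Mon DD HH:MM:SS.mmm [level] message"; the timestamp carries no year.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2})\.\d{3} "
    r"\[(?P<level>\w+)\] (?P<msg>.*)$"
)
MARKER = "Received an ESTABLISH_RENDEZVOUS request"  # text quoted in the post


def rendezvous_per_second(log_text, year=2013):
    """Count ESTABLISH_RENDEZVOUS log entries per wall-clock second.

    Lines that do not parse, or that are not info-level, are skipped. The
    year must be supplied by the caller because the log omits it.
    """
    per_second = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["level"] != "info" or MARKER not in m["msg"]:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        per_second[ts] += 1
    return per_second


def summarize(per_second, burst_threshold=3):
    """Summarize the request rate; burst_threshold is an assumed cut-off."""
    if not per_second:
        return {"total": 0, "span_seconds": 0, "mean_per_second": 0.0,
                "peak_per_second": 0, "burst_seconds": []}
    first, last = min(per_second), max(per_second)
    span = int((last - first).total_seconds()) + 1
    total = sum(per_second.values())
    return {
        "total": total,
        "span_seconds": span,
        "mean_per_second": total / span,
        "peak_per_second": max(per_second.values()),
        # Seconds in which the relay logged the request "many times a second".
        "burst_seconds": sorted(t for t, n in per_second.items()
                                if n >= burst_threshold),
    }


if __name__ == "__main__":
    report = summarize(rendezvous_per_second(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A rate that stays high while exit traffic is flat matches the hidden-service explanation in the quoted post; the same count on an exit relay's log gives the comparison.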
The spike in Tor user numbers is not attributable only to the disclosure of the PRISM surveillance program and the desire to escape government surveillance. These events have certainly contributed to the diffusion of the Tor platform to protect users' anonymity, but they could not by themselves be responsible for the sudden surge observed.

Another fascinating thesis, proposed on different forums where the botnet's capabilities have been discussed, is that the botnet could in reality be linked to the revelations about surveillance programs and that its authors are actually members of a group of hacktivists that misuse the malicious architecture to make all the bots run as Tor relays/exit nodes, necessary to increase the capabilities of the Tor network itself.
Tor Networks, the Role of Security Research
Snowden has revealed to the worldwide community the obsessive interest of their governments in surveillance activities, but he also remarked that the web is still able to preserve users' anonymity under specific conditions.

Encryption and anonymizing networks are primary tools to protect anonymity from prying eyes, and governments are working hard to reduce the dark area of the Internet, where they are not able to monitor users.

The Tor network was considered, with I2P, one of the most useful anonymizing networks. For this reason, the exploitation of users' identities on these platforms is the subject of intense research for security experts all over the world.

Anonymity on the Tor network is the primary reason for its use: hacktivists, whistleblowers, hackers, and cybercriminals are enticed by the possibility of not being traceable.

I was a member of a team of researchers that evaluated this opportunity in one of the first OSINT experiments based on Tor networks; the project was codenamed Artemis and I published some of the results a few months ago.

Recently a group of researchers led by Aaron Johnson of the Naval Research Laboratory published the paper "Traffic Correlation Attacks against Tor Anonymity." The team's study isn't an isolated case; many other researchers are working on the same topic for the same purpose. They are all trying to find a flaw that allows the revelation of a user's identity; some experts have addressed the software components used to access the networks (e.g., browsers, plugins), while others are searching for vulnerabilities in the routing protocol or in the encryption implemented.

A. Johnson's group at Georgetown University and the U.S. Naval Research Laboratory (USNRL) published a study, titled "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries," that dismantles the certainty of anonymity on the Tor network, demonstrating that it is possible to identify Tor users. The researchers presented their POC on anonymity on the Tor network and the capability to track Tor users in November 2012 during the Conference on Computer and Communications Security (CCS) in Berlin.

The experts detailed the known traffic correlation attack method against onion routing, which is based on the concept that a persistent adversary can monitor a user's traffic as it enters and leaves the Tor network, revealing the user's identity.
"… correlating that traffic using traffic analysis links the observed sender and receiver of the communication. Øverlier and Syverson first demonstrated the practicality of the attack in the context of discovering Tor Hidden Servers. Later work by Murdoch and Danezis show that traffic correlation attacks can be done quite efficiently against Tor. … To quantify the anonymity offered by Tor, we examine path compromise rates and how quickly extended use of the anonymity network results in compromised paths … Tor users are far more susceptible to compromise than indicated by prior work … We create an empirical model of Tor congestion, identify novel attack vectors, and show that it too is more vulnerable than previously indicated,"
the paper states. The group of researchers developed for the POC a TorPS simulator used to analyze traffic correlation in the live Tor network; it simulates path selection in Tor, demonstrating that, under specific conditions, it is possible to identify a Tor user with 95 percent certainty. Johnson's team assumes that an adversary has access either to Internet exchange ports, or controls a number of autonomous systems; such an adversary could reveal our identity. Fortunately, those capabilities are not easy to gain for an ordinary hacker, but a state-sponsored hacker or law enforcement can do it with the complicity of an ISP. The results confirm that the Tor routing model is exposed to greater risks from traffic correlation than previous studies suggested. An adversary that provides no more bandwidth than some volunteers do today is able to deanonymize any given user within three months of regular Tor use with over 50% probability and within six months with over 80% probability. Current Tor users should carefully consider it.

The majority of research activities involve distributed bots constantly monitoring Tor traffic; one of the side effects is that the global population of Tor users also increases, thanks to the contribution of these activities.
Is Tor Really Secure?
Tor, if properly used, is one of the most secure channels to transfer/hide users' data, but it must be considered that governments are actively working to track users within the Tor network as well; they are working on techniques to expose a user's identity once inside the anonymizing network. Recently we read about the possible exploit of a vulnerability within the Firefox browser commonly used to surf within the Tor network, but many other researchers are working on the topic; tracking Tor users is the next challenge and probably someone has already been able to do it.

Governments can also count on the support of ISPs (Internet service providers) that are already able to detect Tor usage on their networks. Another couple of data points could be interesting to evaluate the repercussions of the PRISM case on the Tor network:
- The number of relays is growing steadily.
- Terms related to the PRISM case and to Snowden are still unpopular in the deep web; I found the data using the dashboard designed for the Artemis Project.

The Tor project has the U.S. government among its principal financial sponsors. It is known that the project was created by DoD, but why fund it today if the alleged anonymity of its networks could be a source of problems? Is it philanthropy or has the Bullrun project (which we will analyze in the next paragraph) also produced its effects on the Tor network?
Figure 8: Relays and bridges in the Tor network
Data Encryption
Until now, data encryption has represented the only certainty for the protection of data; the complexity of the algorithm used and a sufficient key length are necessary to protect information from espionage and monitoring activities.

The last wave of Snowden's revelations on the U.S. surveillance program may have the effects of a disaster in the IT world. U.S. intelligence could in fact have access to all encrypted data circulating on the Internet and the ability to decipher any secure communication.

Bullrun is the name of the latest surveillance program disclosed by Snowden, the New York Times and The Guardian newspapers, and the journalism non-profit ProPublica, which revealed details of the new super-secret program supported by the NSA to bypass encryption adopted worldwide by corporations, governments, and institutions.

In reality the Bullrun program is considered the second attempt of the U.S. government after the failure to place a backdoor, the so-called Clipper chip, into encryption units that would have allowed it to eavesdrop on communications. The NSA is not able to crack encryption algorithms; according to the whistleblower Snowden, the NSA bypasses encryption and is targeting the end points of communications:

"Properly implemented strong crypto systems are one of the few things that you can rely on," Snowden said to The Guardian.
The intelligence agency has induced vendors and manufacturers to include backdoors in their products or to disclose related encryption keys to allow access to data. This is the core of the Bullrun program; an event even more shocking is that the NSA has worked to undermine the security of those standards.

Figure 9: Classification guide to the NSA's Bullrun decryption program

The repercussions are critical because the diffusion of the defective encryption standard has exposed the same data accessed by the NSA to the concrete risk of data theft by third-party actors such as foreign state-sponsored hackers and cyber criminals.

In 1976 the NSA provided important contributions to a new encryption standard, DES, and many experts speculated for years on the possible presence of a backdoor in the algorithm. The NSA apparently improved DES, but one of the debated modifications was the reduction of the key size from 64 bits to 56 bits. According to many conspiracy theories, U.S. intelligence at that time had enough computing capability to crack DES.

"The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets. Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the Internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSA's efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States' reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies," commented Christopher Soghoian, principal technologist of the ACLU's Speech, Privacy and Technology Project.
The NSA and other agencies siphoned data from land and undersea cables. Just after the revelations on the PRISM program, U.S. intelligence started a misinformation campaign claiming that U.S. authorities were working to find a way to crack encrypted traffic. In reality, the agency has no reason to do it and the Bullrun program is the proof. Misinformation has been used for diversionary purposes and to influence global sentiment in order to keep the media spotlight far from the dirty collusion between governments and private companies.

"None of the methods used to access encryption keys involve cracking the algorithms and the math underlying the encryption, but rely upon circumventing and otherwise undermining encryption."

The newspapers claim that the NSA maintains an internal database, dubbed "key provisioning service," of encryption keys for each commercial product. Using the key provisioning service, the NSA is able to automatically decode communications and gain access to encrypted data. Every time the agency needs a key for a new product it formalizes a request to obtain it; the request is from the so-called "key recovery service."

Other news outlets reported that, in one instance, the U.S. government learned that a foreign intelligence service had ordered new computer hardware and, after pressure from the NSA, the U.S. vendor agreed to insert a backdoor into the product before it was deployed.

Keys are provided by vendors or obtained by intelligence through a hacking campaign against the infrastructure of product providers.

"How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies' computer servers, where they are stored. To keep such methods secret, the NSA shares decrypted messages with other agencies only if the keys could have been acquired through legal means," states The New York Times.
The most disturbing revelation involves the NSA's efforts to deliberately weaken international encryption standards that developers use to make their encryption secure. According to a classified NSA memo obtained by The New York Times, the fatal weakness discovered by two Microsoft cryptographers in 2007 in a 2006 standard was intentionally engineered by the NSA.

"Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the backdoor is discovered, it's explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program," said cryptographer Bruce Schneier.

"Some of the methods involved the deployment of custom-built supercomputers to break codes in addition to collaborating with technology companies at home and abroad to include backdoors in their products. The Snowden documents don't identify the companies that participated."

The Bullrun program, according to the documents, "actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" to make them "exploitable." By this year, the Times reports, the program had found ways "inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert backdoors or by surreptitiously exploiting existing security flaws."

We are therefore assuming that the U.S. government has deliberately prompted developers to introduce bugs into software solutions sold worldwide; the knowledge of those flaws could be sold on the black market for zero-day vulnerabilities. At that point, probably the same U.S. intelligence would offer big bucks to buy back the zero-day to cover traces of its shocking activities.

A different current of thought claims that the NSA in reality has advanced cryptanalytic capacity; back in the 1970s, the NSA knew a cryptanalytic technique called "differential cryptanalysis" that allowed it to break numerous algorithms considered secure.

Snowden's revelation on the black budget summary said that nearly 35,000 people and $11 billion annually are part of the Department of Defense-wide Consolidated Cryptologic Program and $440 million is reserved for "Research and Technology." This is considered the biggest expense on cryptography research on the planet, demonstrating the high interest of the U.S. in breaking the most used encryption protocols.
What about Tor Crypto keys?
The idea that the NSA could be able to access encrypted data also puts at serious risk the efficiency of an anonymizing network such as Tor. Rob Graham, CEO of the penetration testing firm Errata Security, asserted that by running a "hostile" exit node on Tor it's possible to analyze incoming connections; during his study he noted that 76% of the 22,920 connections adopted the Diffie-Hellman algorithm.

"The problem with Tor is that it still uses these 1024-bit keys for much of its crypto, particularly because most people are still using older versions of the software."

According to official Tor statistics, only 10% of Tor servers are using version 2.4 of the software, the release that implements elliptic curve Diffie-Hellman crypto, which is considered more difficult to crack.

While no one knows for sure exactly what the NSA is capable of cracking, educated speculation has long made a case that the keys Graham observed are within reach of the U.S. spy agency.

"Everyone seems to agree that, if anything, the NSA can break 1024 RSA/DH keys. Assuming no 'breakthroughs,' the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips. Of course, this is just guessing about the NSA's capabilities. As it turns out, the newer elliptical keys may turn out to be relatively easier to crack than people thought, meaning that older software may in fact be more secure. But since 1024 bit RSA/DH has been the most popular SSL encryption for the past decade, I'd assume that it's that, rather than curves, [it's 1024 RSA/DH] that the NSA is best at cracking," Graham wrote in a blog post recently published.

In this case, we can speculate that Snowden's revelations could also have a serious impact on the use of anonymizing networks; conscious consumers are definitely encouraged to upgrade their Tor client, but we cannot ignore the fact that Big Brother is increasing its capabilities day after day.
Snowden Leaks and PGP Use
The disclosure of documents on U.S. surveillance programs created great concerns within the Internet community. The fear of being spied on has profoundly changed the habits of many users and influenced the policies of various enterprises. The mainstream concern about the loss of privacy has sustained a rapid growth of privacy-friendly software such as data encryption applications to securely send emails.

OpenPGP (Pretty Good Privacy) has seen the daily creation of unique keys nearly triple since June, just after Snowden's leaks first became public. In PGP, encryption is based on keys tracked and shared through keyservers. Kristian Fiskerstrand's sks-keyservers.net provides statistics related to over 80 key servers around the world; his data demonstrated the rapid growth of new PGP key generation, revealing a trend that has gone from 500 to 1,500 and 1,600 new keys added every day.

Figure 10: New PGP keys created (Kristian Fiskerstrand's data)


Figure
11

New PGP keys created
The figures above indicate a meaningful increase in the adoption of PGP encryption across the board, showing that Internet users are becoming aware of security issues. Snowden's revelations have shaken the IT sector and the privacy revolution is just beginning; it is becoming ever easier to read about platforms such as Tor or I2P. Kim Dotcom's popular Mega announced the creation of an encrypted email system, with the following official announcement:

"We're going to extend this to secure email which is fully encrypted so that you won't have to worry that a government or Internet service provider will be looking at your email."

For each service that is born, another is shut down. Silent Circle preemptively shut down its encrypted email service to prevent NSA spying. The Silent Circle blog post explains:

"We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now."

It's especially damning, considering that Silent Circle's co-founder and president is Phil Zimmermann, the inventor of the widely used email encryption program Pretty Good Privacy.

Silent Circle reportedly had a 400% month-over-month revenue increase in July after the surveillance program disclosure. Corporate enterprise customers switched to Silent Circle services to preserve their business and prevent surveillance and cyber espionage. The company declared to Forbes that it is increasing revenue this year in part due to the disclosure of NSA operations.

NSA Mobile Devices
Obviously, there are also revelations concerning the monitoring of mobile devices. The German news agency Der Spiegel reported the latest act of U.S. surveillance: The NSA is able to access data stored in a wide range of mobile devices, including Android, iPhone, and BlackBerry.

According to the popular media agency, U.S. intelligence is putting great effort into mobile cracking. It is able to access the data stored on smartphones and tablets. The NSA has created highly specialized divisions for mobile hacking; the units are able to access the list of calls, SMS traffic, the user's contacts, notes, and GPS data. In reality, U.S. intelligence had already been able to access SMS messages: An agency document dated 2009 remarked that NSA agents can "see and read SMS traffic."

The German news agency confirmed that the NSA's capability to access data on mobile devices cannot be considered a mass surveillance operation; rather, it is exploited by U.S. intelligence to spy on specific individuals and was done secretly, without the support of manufacturers and smartphone vendors.

The last group of leaked Snowden documents confirmed to the most skeptical users that nothing is secure, not even their mobiles.

Conclusions
Snowden's case has definitively changed Internet users' perception of security and privacy: The repercussions on the global security market are enormous, and the level of trust in government institutions and major IT companies has collapsed. Customers have put their trust in the wrong companies; too often they have been deceived by false myths and new paradigms designed to facilitate the surveillance operated by intelligence agencies.

On the Internet, the number of websites that propose free and open privacy-friendly software is increasing; prism-break.org is just one example of the network's reaction. The Bullrun program is the latest revelation on a nefarious policy conducted by one of the major security agencies; ironically, its willingness to supervise each and every datum on the Internet has made it unsafe. Chasing the concept of security, the NSA has actually opened loopholes in global information systems that could have benefited powers such as China or terrorist groups.

If surveillance activities are necessary for security reasons, their abuse could have serious repercussions on security. The only certainties are that the surveillance program will continue and the expense of monitoring activities will continue to increase. On the market side, the decrease of trust in U.S. security vendors could benefit other entities.

The equilibrium is jeopardized when trust is broken, and open source software will reach a new peak of popularity while waiting for the next incident.

The IT world will never be the same!

References
http://securityaffairs.co/wordpress/17398/intelligence/prism-repercussion-tor-network-use.html
http://securityaffairs.co/wordpress/17577/intelligence/nsa-bullrun-program-false-perception-security.html
http://arstechnica.com/security/2013/09/majority-of-tor-crypto-keys-could-be-broken-by-nsa-researcher-says
http://securityaffairs.co/wordpress/15133/intelligence/edward-snowden-is-the-responsible-for-disclosure-of-prism-program.html
http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&_r=0
http://securityaffairs.co/wordpress/17489/intelligence/traf%EF%AC%81c-correlation-vs-anonymity-on-tor.html
http://www.dailydot.com/news/pgp-encryption-snowden-prism-nsa/
http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide
http://blog.fox-it.com/2013/09/05/large-botnet-cause-of-recent-tor-network-overload/
http://www.unduecoercion.com/2013/07/encryption-and-anonymity-after-prism.html
http://resources.infosecinstitute.com/project-artemis-osint-activities-on-deep-web/
http://blog.trendmicro.com/trendlabs-security-intelligence/the-mysterious-mevade-malware/
http://securityaffairs.co/wordpress/16900/hacking/breach-just-30s-to-decrypt-from-ssltsl-encrypted-traffic.html#!
http://securityaffairs.co/wordpress/16924/cyber-crime/firefox-zero-day-exploited-against-tor-anonymity.html#!
http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html#.Ui2joMa-2qd
http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html
http://resources.infosecinstitute.com/how-edward-snowden-protected-information-and-his-life/
http://threatpost.com/huge-botnet-found-using-tor-network-for-communications/102179

By Pierluigi Paganini | September 12th, 2013 | General Security

About the Author
Pierluigi Paganini has a Bachelor in Computer Science Engineering IT, majoring in Computer Security and Hacking techniques. A security expert with over 20 years of experience in the field, including a Certified Ethical Hacker certification from the EC Council in London, Pierluigi is Chief Security Information Officer for Bit4Id, a researcher, security evangelist, security analyst and freelance writer. This passion for writing and a strong belief that security is founded on sharing and awareness have led Pierluigi to found the security blog "Security Affairs." The author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin", he is also Editor-in-Chief at CyberDefense magazine (http://www.cyberdefensemagazine.com).
Security Affairs (http://securityaffairs.co/wordpress)
Email: pierluigi.paganini@securityaffairs.co



