Archive for the ‘cryptography’ Category
Sunday, July 25th, 2010
In the previous post I mentioned multi-domain certificates but not wildcard certificates as a solution to the problem. The reason I didn’t mention wildcard certificates is that they have their own inherent security risks. If one subdomain is compromised, all subdomains may be compromised. (Verisign even states this clearly on their page on wildcard certificates.)
Tags: certificates, pki
Thursday, December 17th, 2009
Apparently the drones that the US has been using in Iraq and Afghanistan have not encrypted their video feeds, and Pentagon officials have revealed that insurgents have been eavesdropping on the video transmissions. According to the WSJ:
Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.
U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.
Think that’s astounding? Wait till you see this:
The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.
They’ve known about this for nearly two decades and haven’t done anything? C’mon guys – encryption isn’t exactly a new technology. As for assuming that insurgents wouldn’t know how to take advantage of the flaw, don’t even get me started. You should never underestimate your adversary, especially in war. In the modern information age knowledge is easy to come by, so assuming any large group of people will not have certain knowledge is a perilous assumption.
Tags: drones, government, iraq
Thursday, July 2nd, 2009
A 200-year-old ciphered message sent to Thomas Jefferson has been broken (with the help of a computer, of course).
Tags: cipher, cryptography, history, Thomas Jefferson
Tuesday, June 23rd, 2009
I recently finished “High: Confessions of an International Drug Smuggler”. The author, Brian O’Dea, is a former (and now reformed) drug smuggler and addict who pulled off a few very large smuggling operations. In one of his largest, he tried to bring in huge quantities of drugs from Asia via boat without being picked up by the feds, who had been tipped off to his activities by an informant. His crew also needed to communicate from the US mainland with boats as far away as the South China Sea and Alaska. They decided to use single-sideband radio, which was used by licensed amateurs. They set up an antenna in a campground, powered by a mobile home. It had the power they needed for communications, but the government knew about single-sideband and was constantly monitoring for people using it for illicit purposes.
Since it was 1985, they didn’t have access to modern cryptography. To avoid the feds, they needed something which not only encoded their information, but also sounded innocuous. Here’s what they did. They all bought copies of Webster’s dictionary. When they wanted to send a sentence, they looked up each word in the dictionary and noted the page number and the word’s position on that page. If the word appeared on page 795 and was the 23rd word on the page, the sender would call the ship (or the home base, in the other direction) and ask them to check part number 795-23. With this done over and over again, any eavesdropper would think it was just a ship requesting information on a list of parts.
On analysis, the scheme is actually surprisingly good. At first I assumed that because it’s a basic substitution cipher, usually the easiest type of cipher to break, it would crumble quickly. However, substitution ciphers are usually broken because they don’t hide the distribution of letters, and their distribution can be easily matched to the distribution of English letters. In this case they’re not substituting letters, but words. There are only 26 letters in English, but far more words. Given the extremely small amount of ciphertext, it is unlikely that a proper distribution could ever have been discovered. While a straight substitution cipher has very little entropy, and the ciphertext is still going to be highly structured, the limited amount of ciphertext would make cryptanalysis very hard. Someone trying to attack the system would probably only break it if they managed to get a person to talk or captured a boat and noticed the dictionary lying conspicuously close to the radio equipment.
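The scheme described above, as an added example (not taken from the book or from the original post): a toy version that uses a constructed 26-word list with five words per page in place of Webster's. It goes one step beyond the text by checking two things an eavesdropper could observe: a repeated word always yields the same part number, and the numbers preserve the alphabetical order of the hidden words.

```python
from collections import Counter

# Constructed stand-in for the shared dictionary (the real scheme used a
# printed Webster's): a sorted word list cut into fixed-size "pages".
WORDS = sorted("""alaska arrive at boat cargo coast dawn delay drop engine
fuel harbor meet move night north patrol point ready return south the wait
watch weather west""".split())
WORDS_PER_PAGE = 5  # assumption: tiny pages keep the example readable

def build_codebook(words, per_page):
    """Map each word to a 1-based (page, entry) pair."""
    return {w: (i // per_page + 1, i % per_page + 1) for i, w in enumerate(words)}

def encode(message, book):
    """Replace every word with a 'part number' of the form page-entry."""
    parts = []
    for word in message.lower().split():
        if word not in book:  # both ends can only send words the book lists
            raise KeyError(f"{word!r} is not in the shared dictionary")
        parts.append("{}-{}".format(*book[word]))
    return parts

def decode(parts, book):
    """Look each part number back up in the same dictionary."""
    reverse = {"{}-{}".format(*pos): word for word, pos in book.items()}
    return " ".join(reverse[p] for p in parts)

def repeated_symbols(parts):
    """Part numbers seen more than once: the only frequency data available."""
    return {p: n for p, n in Counter(parts).items() if n > 1}

def leaks_alphabetical_order(parts, book):
    """True if sorting the numbers also sorts the hidden words alphabetically."""
    as_numbers = lambda p: tuple(int(x) for x in p.split("-"))
    words = [decode([p], book) for p in sorted(set(parts), key=as_numbers)]
    return words == sorted(words)

if __name__ == "__main__":
    book = build_codebook(WORDS, WORDS_PER_PAGE)
    sent = encode("meet the boat at the north point at dawn", book)
    print("check part numbers", ", ".join(sent))
    print("decoded:", decode(sent, book))
    print("repeats:", repeated_symbols(sent))
    print("order leaks:", leaks_alphabetical_order(sent, book))
```

With only nine words on the air, two repeated part numbers are all an analyst gets, which is the small-sample effect the post describes.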
Tags: brian o'dea, cryptography, dictionary, drugs, smuggling
Wednesday, June 18th, 2008
The Gpcode virus has been making news of late. It’s ransomware that encrypts the infected machine’s files with a 1024-bit RSA key, demanding a monetary payment in exchange for the decryption key. Kaspersky Lab announced that they would try to brute force the key if people would just loan them some spare CPU cycles. They took some flak for even trying this, including a rebuke from the master cryptographer himself, Bruce Schneier.
Now it appears they’ve found a solution. No, they haven’t cracked a 1024-bit RSA key this quickly; they’ve discovered that the files can be undeleted, and released a utility to assist in the endeavor. This is another example of Shamir’s third law of security. For those of you who don’t know, Adi Shamir, recipient of the Turing Award and the S in RSA, once delivered his 3 laws of security:
- Absolutely secure systems do not exist
- To halve your vulnerability you need to double your expenditure
- Cryptography is typically bypassed, not penetrated
This is about as good an example of law number three as I can think of. Kaspersky would have found it nearly impossible to break the key in a meaningful amount of time; circumventing the cryptography, however, proved to be much easier.
Tags: brute force, cryptography, kaspersky, schneier, shamir, virus