by Anonymous Coward writes:
on Thursday September 02, 2021 @01:42PM (#61757315)
Just need to attack Huawei (Score:4, Interesting)
American government agencies exploited American products in order to spy on everyone in the world. And turn around to launch a major PR and legal attack against a major Chinese competitor while refusing to show any real proof [wsj.com].
It's called American Exceptionalism [merriam-webster.com].
Re: (Score:2, Insightful)
We already know that the NSA hacked into Huawei.
https://www.cnet.com/tech/serv... [cnet.com]
Snowden already told us everything.
"With Mr. Snowden’s leaks in 2014, the NSA lost the ability to spy on one of the most significant intelligence targets: China. Another NSA document revealed that the agency was spying on Huawei to learn its links to the Chinese military and the ruling Communist Party.
“Many of our targets communicate over Huawei-produced products, we want to make sure that we know how to exploit the
Re: (Score:1)
Snowden already told our adversaries everything.
FTFY.
Re: (Score:3)
Including the general populace eh?
Re: (Score:2)
all part of the new 'Fuck China' message of privately owned 'influential' websites.
Re: (Score:1)
American government agencies exploited American products in order to spy on everyone in the world. And turn around to launch a major PR and legal attack against a major Chinese competitor while refusing to show any real proof [wsj.com].
It's called American Exceptionalism [merriam-webster.com].
I'd like to see the proof that this is a US hack...not calling anyone a liar mind you...
In case anyone is wondering what it was.. (Score:3, Insightful)
It was the Dual Elliptic Curve Deterministic Random Bit Generator algorithm. This has been long suspected as an NSA backdoor, I think for over a decade at this point.
Re:In case anyone is wondering what it was.. (Score:5, Insightful)
Here's a paper from Microsoft on how to exploit the vulnerability... from 2007
http://rump2007.cr.yp.to/15-sh... [cr.yp.to]
Re: (Score:3)
The irony is, you are already trusting the person behind the cr.yp.to site: Daniel J. Bernstein (DJB for short) is one of the leading and most trusted researchers in the world of cryptography and computer security in general.
Sen Wyden demanded answers ... (Score:3)
That'll do it. Wyden knew of the illegal NSA spy programs before Snowden blew the whistle and he didn't speak up. 'Classified' doesn't make the illegal legal.
Reality is that the US government is unaccountable from top to bottom. Abuses by the IRS, FBI and even the FDA show a complete lack of give-a-shit about the law.
Not consistent with the known evidence (Score:3)
In law there is an exception to hearsay for things that the accused blurted out right after the incident occurred, rather than weeks or months later. The thinking is that something they blurt out in the heat of the moment is less likely to be a calculated lie.
Juniper blurted out that there was unauthorized code.
That is, CODE, lines of programming, had been added to the product. Given what we know, that's probably true.
Much later, some speculated that the design of the *algorithm*, the math, could have been weaker than expected. That's a very different thing than having unauthorized code added.
We don't know for sure what happened. The available evidence most strongly suggests that an attacker straight up added code to the *product*, code that wasn't put there by Juniper developers. That's not at all the same thing as if Juniper devs implemented an algorithm and the NSA knew something secret about the math behind the algorithm.
Re: (Score:2)
Much later, some speculated that the design of the *algorithm*, the math, could have been weaker than expected.
No, you need to check your timeline. Microsoft published a paper in 2007 about the "Q value" as a potential backdoor in the algorithm. Juniper added the algorithm in 2008. They were hacked in 2012 and again in 2014 when code was changed.
The NSA was strong-arming NIST and bribing vendors (RSA, for example) to implement the algorithm and set it as default back in 2008.
Juniper code quality sucked... (Score:1)
I've seen some source code of one Juniper product.
Even though I am just a programmer and not a security expert, I found a couple of serious security issues...
Overall quality was crap - looked like a corporate product outsourced to India with rushed deadlines...
New details (Score:2)
Backdoors? (Score:2)
the American people need a full understanding of how backdoors will be exploited by our adversaries
Doesn't exploitation of backdoors always involve some variety of being fucked?