Military intelligence?

Whenever you connect to Facebook there are many things you might expect to learn: that one of your hundreds of “friends” has just had a bath; that the user interface has been redesigned by a five-year-old, again; perhaps even that some boneheaded application (and its boneheaded user) calculates that your monetary worth is less than another of his pretend friends. However, what you probably wouldn’t expect is to confront an advertising and recruitment campaign on behalf of the Secret Intelligence Service…

Military intelligence?

Yes, it seems that MI6 is looking to recruit new spies and has opted to look on Facebook for a change, rather than hanging around Oxford or Cambridge pubs. Our lazy spymasters have launched three adverts that promise graduates of all ages long-term careers in collecting and analysing global intelligence.

Forgive me for not being a little more patriotic, but even were I younger, fitter and more reckless I wouldn’t be applying, not least because I’ve seen how government mishandles secret stuff. I ought to have some faith in the ability of the great and the good to handle confidential data confidentially, with some small degree of technical understanding and common sense, but nowadays whenever I hear the words “Military Intelligence” I wait to hear about something stupid that’s happened (again).

So it was when I learned that a former MI6 agent had sold a digital camera on eBay, for £17, which still contained images of terrorist suspects, rocket launchers and various missiles in its built-in memory. Have these people never heard of secure data disposal? Given the business MI6 is supposed to be in, even the full 35-pass Guttmann method of data erasure isn’t enough: for the few quid it costs, just toss the bloody camera in a furnace. Things become even stickier when the armed forces (whom you might also believe are used to handling sensitive information) “misplace” a bunch of hard drives containing Royal Air Force personnel data. Not just some personnel, but all current and former RAF members. The Ministry of Defence quickly pointed out that there’s no evidence this data has been “exploited maliciously”, nor that the theft was “motivated by a desire to obtain the data”. Just as well, considering it was unencrypted!

Encryption matters

An easy-to-remember mantra for data protection best practice is simply this – encrypt, encrypt, encrypt. Go back as far as you like in history and you’ll find codes and ciphers being used – like the Spartan Stick in 5BC, which involved wrapping a parchment strip around a stick then writing a message on it, which would only make sense if wrapped around another stick of the exact same diameter.

You have to wait until 1467 for the next big leap forward in cryptography, with the invention of the polyalphabetic cipher disk. An Italian chap called Leon Battista Alberti placed separate alphabets on concentric rings, creating ciphers according to which letters were lined up. It was remarkably sophisticated, even evading letter frequency analysis. Since “e” is the most common letter in English, if a coded message contains a lot of numeral “8”, chances are that it represents “e”, but Alberti’s disk made this less obvious: “e” only substituted for “8” when in an even position, but for “9” when in an odd position, for example.
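To see why position-dependent substitution blunts letter-frequency analysis, here is an added sketch (not from the original column). It uses rotated letter alphabets as a stand-in for Alberti's disk and a constructed sample sentence; the shift values 3 and 11 are arbitrary assumptions.

```python
from collections import Counter
import string

ALPHABET = string.ascii_lowercase

def substitute(text, shifts, decrypt=False):
    """Replace each letter using the alphabet selected by its position.

    shifts holds one rotation per alphabet: a single entry is a
    monoalphabetic cipher, two or more make it polyalphabetic.
    """
    out, pos = [], 0
    for ch in text.lower():
        if ch not in ALPHABET:
            out.append(ch)          # spaces and punctuation pass through
            continue
        k = shifts[pos % len(shifts)]
        if decrypt:
            k = -k
        out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        pos += 1
    return "".join(out)

def top_symbol(ciphertext):
    """Return the most common ciphertext letter and its share of all letters."""
    letters = [c for c in ciphertext if c in ALPHABET]
    symbol, count = Counter(letters).most_common(1)[0]
    return symbol, count / len(letters)

# Constructed sample plaintext, deliberately heavy in the letter "e".
SAMPLE = ("the enemy fleet leaves the eastern harbour before seven "
          "and meets the western fleet between the three reefs")

if __name__ == "__main__":
    for name, shifts in (("one alphabet", [3]), ("two alphabets", [3, 11])):
        symbol, share = top_symbol(substitute(SAMPLE, shifts))
        print(f"{name}: most common symbol {symbol!r} is {share:.0%} of the text")
```

With one alphabet every “e” becomes the same symbol and stands out; with two, the count is split between two symbols and the peak drops.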

The US Navy used a variant of the cipher wheel during World War II, of a type invented in the 18th century by Thomas Jefferson, which had multiple alphabet wheels spinning on a central rod, but the German Enigma machine ruled the roost where brilliant polyalphabetic ciphers are concerned, until the equally brilliant Alan Turing cracked it.

Even the root of our contemporary encryption method lies surprisingly far back in history: to be exact, 1883 when the Dutch linguist Auguste Kerckhoffs von Nieuwenhof realised that the security of any cryptosystem depends not on keeping the crypto algorithm secret, but “only on keeping secret the key”. Which brings me neatly to the subject of secure key distribution, and the fact that for a long time the recipient of an encrypted message needed the same key used to encrypt to decipher it. Such “symmetric” cryptosystems, as they’re called, typically rely upon a physical courier to deliver that key safely, and you’d have to work in military intelligence not to spot the obvious security flaw in the scheme.

Going public

Fast-forward to the start of the 1970s, and the problem was solved by the invention of an asymmetric cryptosystem, which used a public key to encrypt but a different private key to decrypt. Public key encryption has enabled us to move into an era of secure e-commerce via the internet, to name but one excellent example, and getting rid of the need for secure distribution channels to exchange code keys was the, er, key to success. Asymmetric key encryption enables the same key pair to be used pretty well indefinitely without compromising the security of the process, the basic principle being that as long as the private key remains secret, as many people as you like can know about and have access to the public one.

So how does it work? Essentially, by using a pair of mathematically related keys, one of which reverses the encryption applied by the other. To ensure the algorithm employed cannot be deduced by just having access to one key alone, mathematical entities called “one-way functions” are employed: such functions require minimal computing power to calculate their value, but horrendously enormous power to compute their inverse (that is, to work back from value to arguments). The multiplication of two large prime numbers is a good example: multiplying two large primes is no harder than multiplying any two large numbers, but it’s immensely difficult to factorise the product back into primes.
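The key pair and the one-way function can be seen together in a textbook RSA sketch, added here as an illustration and not taken from the original column. The two primes (104729 and 1299709) and the exponent 65537 are assumptions chosen to keep the numbers small; real keys use primes hundreds of digits long, and padding, which this omits.

```python
import math

def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (teaching only)."""
    n = p * q                        # the cheap direction: one multiplication
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: inverse of e mod phi
    return (n, e), (n, d)

def apply_key(key, value):
    """Encrypt or decrypt: the same modular exponentiation with either key."""
    n, exponent = key
    return pow(value, exponent, n)

def factor_by_trial_division(n):
    """The expensive direction: search for a prime factor of n.

    Returns (p, q, steps). The step count grows with the smaller prime.
    """
    if n % 2 == 0:
        return 2, n // 2, 1
    steps, candidate = 0, 3
    while candidate * candidate <= n:
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
        candidate += 2
    raise ValueError("n is prime")

def recover_private_key(public_key):
    """Whoever can factor n can rebuild the private key from the public one."""
    n, e = public_key
    p, q, steps = factor_by_trial_division(n)
    return (n, pow(e, -1, (p - 1) * (q - 1))), steps

if __name__ == "__main__":
    public, private = make_keypair(104729, 1299709)   # toy primes (assumed)
    ciphertext = apply_key(public, 424242)
    print("decrypts to:", apply_key(private, ciphertext))
    rebuilt, steps = recover_private_key(public)
    print("private key rebuilt after", steps, "trial divisions:", rebuilt == private)
```

Building the key took one multiplication; undoing it took tens of thousands of divisions even at this toy size, and that gap is what widens as the primes grow.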

Fast-forward again to today, and the worrying news is that encryption methods that were assumed safe just a couple of years ago are increasingly being sidelined by advances in computing power, or more to the point in relatively cheap computing power. A couple of high-end desktop PCs, each fitted with a couple of high-end graphics cards, can be hooked together to create a pretty basic but effective number-crunching supercomputer. Or how about simply making use of the “grid computing” concept by joining hundreds of bog-standard PCs together to make all their combined resources available for a single decryption task? Now think about massive botnets, more usually used to distribute malicious code via the medium of spam, but which could in theory just as easily be used to crack codes…

The Russian factor

ElcomSoft is something of an enigma itself – a forensic security company established in 1990, which is a member of the Russian Cryptology Association, and quite legitimately provides products and expertise in the form of computer forensics training and evidence-consulting services to law-enforcement agencies and “intelligence” agencies alike. Nothing wrong with that, but this privately owned software company with its headquarters in Moscow also specialises in what it calls “Windows productivity and utility applications for businesses and end users”, but which I prefer to call password-cracking utilities. It’s a bit of a dilemma I guess, one that’s summed up in the “guns don’t kill people, people kill people” debate.

If you find yourself with a password-protected document that you can no longer read – perhaps because you’ve simply forgotten the password, perhaps because an employee who set the password left your business, perhaps even because someone changed it with malicious intent – then you’ll be grateful for a simple application that can quickly recover that password and unlock the document or file. You’d be far less impressed, though, if someone without legitimate authority or ownership of that document did the same, I’ll wager.

Take, for example, password-protected Microsoft Word documents that have been locked down using the standard 40-bit encryption keys. This encryption has, to be fair, been pretty well relegated to the playground in terms of real security ever since the release of Rainbow Table DVDs containing pre-computed hash tables that can be used to unlock 99% of such encrypted documents within minutes. But now, ElcomSoft has gone one step further with an unlock application that comes complete with Thunder Tables technology and promises 100% “near instant” password recovery for any such 40-bit key protected document in a matter of seconds.

To be sure you could have cracked it using other brute-force methods and a dedicated computer over the course of a few days anyway, but the point is that once a utility comes along that makes password cracking nearly instant (and is as cheap as chips) then the “can’t be arsed” factor no longer provides any barrier against casual hacking attempts. By the way, a Thunder Table is a pre-computed list of all trillion or so possible keys used in 40-bit encryption.

Wide open Wi-Fi

Worrying as this whole Rainbow/Thunder Table phenomenon is, the antidote is pretty damn simple, namely to use stronger encryption. Until the mythical quantum computer hits the fan, which we’re told will be able to simultaneously calculate every possible encryption key, then just using 128-bit encryption as an absolute minimum will keep you pretty safe – for the time being, at least. This may not be quite so simple for very much longer when it comes to securing your Wi-Fi network, though, and it’s our Russian friends at ElcomSoft who are leading the charge once again.

Just as you can forget about using 40-bit encryption if you want to deter anyone more determined than your toddler or your nan from cracking the key, so you should forget about using WEP on your laptop. Wired Equivalent Privacy, to give its full name, was introduced way back in 1997 and tries, as the name suggests, to offer a level of connection confidentiality equal to that of a wired network.

However, it only took a handful of years to be proved very wrong, and very weak indeed, which isn’t at all surprising when you discover it used a 40-bit key (eventually replaced with a 128-bit one when US government restrictions on cryptographic technology allowed). Trouble was, WEP remained a poor choice due to other inherent weaknesses: it was vulnerable to successful attack using the simplest of cracking software by eavesdropping on network traffic and sniffing packets to recover the password within a minute or so.

After a couple of insecure years, WEP was finally superseded by Wi-Fi Protected Access (WPA) in 2003, but because it’s so simple to set up and because many users know no better (because router manufacturers don’t bother to tell them) WEP remains in widespread use. But even those folk who did move to the far more secure WPA, or the more secure still WPA2 introduced a year later, are no longer as safe as they might think.

Wi-Fi insecurity graphically exposed

ElcomSoft has now announced a patent-pending technology that’s being incorporated into a new product that can dramatically accelerate the effectiveness of brute-force Wi-Fi encryption cracks, seriously reducing the time it takes to break what was previously thought of as secure WPA/WPA2 encryption that just about everyone now uses. The secret behind this ElcomSoft Distributed Password Recovery product is the use of an Nvidia graphics card or two, which isn’t so surprising once you remember that such high-end graphics cards nowadays come complete with a dedicated Graphics Processing Unit (GPU).

The GPU is a separate floating-point processor that ignores all the other stuff the CPU in your PC has to bother about, and just concentrates on the task of crunching the calculations involved in 3D graphics, such as trigonometric functions and transformations. This makes such cards brilliant accelerators for high-end 3D animation rendering and low-end 3D gaming, but the GPU can crunch any floating- or fixed-point maths at all, not just graphics operations.

If you can compile your brute-force decryption program into a format the GPU can understand and execute, then you have a cracking accelerator, too, and Nvidia supplies a C language environment called CUDA that pretty much enables you to do just that. Using CUDA, you can write software to solve complex computational problems by tapping into what Nvidia refers to as the “many-core parallel processing power of GPUs”.

Application acceleration using GPU power is becoming something of a growth industry, especially as such high-end cards become ever cheaper and accessible to Joe the Computer User. Now it seems that ElcomSoft has joined this fray, insisting that its product allows anyone using “laptop, desktop or server computers equipped with supported Nvidia video cards to break Wi-Fi encryption up to 100 times faster than by using CPU only”.

As I understand it, this Distributed Password Recovery application can set to work using just a handful of intercepted network packets, before the accelerated attack kicks in using what ElcomSoft calls “the execution of mathematically intensive password-recovery code on the massively parallel computational elements found in latest Nvidia graphic accelerators”. Graphics accelerators such as the GeForce GTX280 have the capability of processing hundreds of billions of fixed-point calculations per second, according to ElcomSoft. Stuff one of these with 1GB of onboard video memory and maybe 240 processing units, add a second similarly equipped card into the same machine, and hey presto, as if by magic you’ve entered the world of super-parallel computing without breaking the bank. You now have the kind of password-cracking kit that even James Bond could only dream of a few years back.

ElcomSoft reckons that its system will support all the current GeForce 8 and GeForce 9 cards, and adds just for additional reassurance that this doesn’t only work with Wi-Fi, but is capable of retrieving a “variety of system passwords”. Hmm, Windows start-up password, MD5 hashes, Microsoft Office 97-2007 files – the list goes on and worryingly on. For sure, the days of trusting WPA2 could soon be over as this kind of technology filters down into the inevitable wrong hands.

So what can you do about this? Well I reckon there are two options right now. First, you could consider adding any of the available VPN encryption systems as an additional layer of protection, and second (and more simply), ensure that you’re using WPA2 with a passphrase of the maximum 63 characters to make the brute-force attack as difficult and time-consuming as possible.

Talking of which, follow best practice by not employing dictionary words, definitely not using people’s names, and opting for the full random selection of upper- and lower-case letters with an alpha-numerical mixture. Oh, and if you do use a Service Set ID, don’t make it obvious by using your name, address or some other giveaway as to the “who” or “where” of your network.
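To put numbers on the advice above and on the earlier 40-bit versus 128-bit comparison, this added example (not from the original column) generates a maximum-length random passphrase, measures its entropy, and derives the WPA2 pre-shared key with the standard PBKDF2-HMAC-SHA1 construction. The guess rates and the SSID `example-net` are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# Mixed-case letters and digits, as the column recommends.
CHARSET = string.ascii_letters + string.digits

def random_passphrase(length=63):
    """Generate a passphrase from the OS cryptographic random source."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(CHARSET) for _ in range(length))

def entropy_bits(length, charset_size=len(CHARSET)):
    """Bits of entropy in a uniformly random string of the given length."""
    return length * math.log2(charset_size)

def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output. Every guess costs this much work."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def years_to_search_half(bits, guesses_per_second):
    """Average time for an exhaustive search to reach the right value."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    passphrase = random_passphrase()
    print("passphrase:", passphrase)
    print("derived key:", derive_psk(passphrase, "example-net").hex())
    rate = 1e6   # assumed guesses per second, for illustration only
    cases = (("40-bit key", 40.0),
             ("8 lower-case letters", entropy_bits(8, 26)),
             ("128-bit key", 128.0),
             ("63 random characters", entropy_bits(63)))
    for label, bits in cases:
        print(f"{label:22s} {bits:6.1f} bits  "
              f"{years_to_search_half(bits, rate):.3g} years on average")
```

An eight-letter lower-case passphrase carries fewer bits than the 40-bit key dismissed earlier, while the 63-character random one sits far beyond the 128-bit minimum.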

And finally…

I love it when I can have an “and finally” moment, especially when it involves some dumb-ass hacker who reminds us that not everyone who wants our data is going to succeed. Consider Shahee Mirza, who defaced a Bangladesh government website and left a political message in place of its original homepage. He also left a banner saying that he was responsible, with his real name and real email address included. Not surprisingly, Mirza was arrested within 24 hours, along with his accomplices in the crime.
