New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Oh, btw, cia steals your SSH access data
https://twitter.com/wikileaks?lang=en
Side note: It seems reasonable to assume that "cia" stands for "all us american spook and police agencies".
Comments
Is there any proof to this claim?
I have provided the link to Wikileaks twitter (and actually copied the content here). You should be able to find more at the Wikileaks site.
Just glancing at the guide Gyrfalcon, it looks like you need root to install its dependencies. So it's not really that scary. If someone has root, you're fucked anyways.
@Lunar: well, it's not as if vulnerabilities in the kernel which allow us to get the highest privileges didn't exist. Many of which are 0days, knows by the Agencies and not by us mere mortals...
I'm doubtful when Qubes claim that Xen is very solid (recent past showed that it was far from bulletproof), but their justification not to set a password to 'sudo' because 'anyway, it's a joke' might make some sense...
I wouldn't take it that lightly and one must see how they operate. They have a quite large toolkit available and we know from quite some other cases/leaks that getting root isn't anything but a trivial problem for them. Plus - and interesting in our context here - they have the lea means to get at the server hardware.
The little comfort one can find with that is that the manual clearly shows that their operators usually are clueless drones.
I say bullshit.
Wikileaks has solidly earned a good reputation. Moreover, just shrugging and saying "oh well, maybe true, maybe not" is clearly a route which to take is not prudent.
With root this tool is not needed, you can literally just replace the SSH binary, tap the network interface or install a kernel extension.
None of this tools - they are not exploits in any way - are able to circumvent smartcard auth, either.
You have me intrigued, because I was debugging a SmartCard issue the other day, and found that the reader was just mapped through your standard FTDI TTL->USB device (Gemalto).
Surely if they wanted to circumvent smartcard, they'd want to go for the underlying library, but it can't be that difficult to just, you know, reload your own usbserial sniffing module.
Granted, I'm suggesting using a penknife to disassemble a tank, but just for the sake of argument.
If you became the object of attention of the CIA - the theft of SSH data will be your least problem ...
I'm more concerned about the NSA intercepting and decrypting the traffic en masse:
https://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/
This does not seem especially groundbreaking to me. If you have root, then yes, you can likely do things like reading out memory and other tricks to steal keys and 'intercept traffic' pre-encryption. That's not a vulnerability, that's just implementing software under known circumstances where you have access to sensitive data.
Just one example of such a scenario: https://blog.netspi.com/stealing-unencrypted-ssh-agent-keys-from-memory/
If is just the CIA, I'm ok with that. What are you hiding?
That seems to be already higher level, i'd just take the key at time of connect with a kernel extension and don't rely at all on the agent being used...
This does not work. The card chip is a CPU basically and returns a solution to a math problem which you cannot clone; this is why chip+pin is secure and cannot be skimmed on ATMs. Replay attacks are also not possible, so dumping the serial data is useless.
The readers are nearly always just serial as protocol.
Ah. So you'd need to know what it's doing to use the data it retrieves. So, a generic rebuild of the hardware interface to.. yeah. Not worth it. Thanks for that info!
I assume even that is nearly pointless; else ATM/CC chips would be clonable by now and we would have way worse problems than skimmers for CC track2 or "card stealing" skimmers....
Some cards can certainly be "circumvented" (notably Schlumberger, the USB sticks you get for certain software with a SIM card in it, usually expensive as hell SW) - i have however never seen any solution that did rely only on a emulated serial interface and not needed a cracked/modified binary.
These were popular for unlock boxes back like 200x for Nokia etc. phones to protect the SW side as the hardware box was often not more than a serial adapter either - meaning with chip cracked and a serial adapter plus some cables you were often able to get full functionality for free.
Cheers! I've never been in the field, but this all makes me curious.