Oh, btw, cia steals your SSH access data
https://twitter.com/wikileaks?lang=en

Side note: It seems reasonable to assume that "cia" stands for "all US American spook and police agencies".

Comments

  • Is there any proof to this claim?

  • bsdguy Member

    I have provided the link to Wikileaks twitter (and actually copied the content here). You should be able to find more at the Wikileaks site.

  • Lunar Member

    Just glancing at the guide Gyrfalcon, it looks like you need root to install its dependencies. So it's not really that scary. If someone has root, you're fucked anyways.

  • @Lunar: well, it's not as if vulnerabilities in the kernel which allow us to get the highest privileges didn't exist. Many of which are 0days, known by the Agencies and not by us mere mortals...

    I'm doubtful when Qubes claim that Xen is very solid (recent past showed that it was far from bulletproof), but their justification not to set a password to 'sudo' because 'anyway, it's a joke' might make some sense...

  • bsdguy Member

    @Lunar said:
    Just glancing at the guide Gyrfalcon, it looks like you need root to install its dependencies. So it's not really that scary. If someone has root, you're fucked anyways.

    I wouldn't take it that lightly and one must see how they operate. They have a quite large toolkit available and we know from quite some other cases/leaks that getting root isn't anything but a trivial problem for them. Plus - and interesting in our context here - they have the legal means to get at the server hardware.

    The little comfort one can find with that is that the manual clearly shows that their operators usually are clueless drones.

  • duckeeyuck Member
    edited July 2017

    bsdguy said: I have provided the link to Wikileaks twitter (and actually copied the content here). You should be able to find more at the Wikileaks site.

    I say bullshit.

  • bsdguy Member

    Wikileaks has solidly earned a good reputation. Moreover, just shrugging and saying "oh well, maybe true, maybe not" is clearly a route which to take is not prudent.

  • bsdguy said: I wouldn't take it that lightly and one must see how they operate. They have a quite large toolkit available and we know from quite some other cases/leaks that getting root isn't anything but a trivial problem for them

    With root this tool is not needed, you can literally just replace the SSH binary, tap the network interface or install a kernel extension.

    None of these tools - they are not exploits in any way - is able to circumvent smartcard auth, either.

  • WSS Member

    @William said:

    You have me intrigued, because I was debugging a SmartCard issue the other day, and found that the reader was just mapped through your standard FTDI TTL->USB device (Gemalto).

    Surely if they wanted to circumvent smartcard, they'd want to go for the underlying library, but it can't be that difficult to just, you know, reload your own usbserial sniffing module.

    Granted, I'm suggesting using a penknife to disassemble a tank, but just for the sake of argument.

  • If you became the object of attention of the CIA - the theft of SSH data will be your least problem ...

  • I'm more concerned about the NSA intercepting and decrypting the traffic en masse:

    https://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/

  • joepie91 Member, Patron Provider

    This does not seem especially groundbreaking to me. If you have root, then yes, you can likely do things like reading out memory and other tricks to steal keys and 'intercept traffic' pre-encryption. That's not a vulnerability, that's just implementing software under known circumstances where you have access to sensitive data.

    Just one example of such a scenario: https://blog.netspi.com/stealing-unencrypted-ssh-agent-keys-from-memory/

  • Hxxx Member

    If it's just the CIA, I'm ok with that. What are you hiding?

  • joepie91 said: Just one example of such a scenario

    That seems to be already higher level; I'd just take the key at time of connect with a kernel extension and not rely at all on the agent being used...

  • William Member
    edited July 2017

    WSS said: Surely if they wanted to circumvent smartcard, they'd want to go for the underlying library, but it can't be that difficult to just, you know, reload your own usbserial sniffing module.

    This does not work. The card chip is a CPU basically and returns a solution to a math problem which you cannot clone; this is why chip+pin is secure and cannot be skimmed on ATMs. Replay attacks are also not possible, so dumping the serial data is useless.

    The readers are nearly always just serial as protocol.

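    The challenge-response property William describes, as an added example that is not code from this thread: the card signs a fresh per-session challenge with a key that never leaves it, so a signature sniffed from the serial link is refused when replayed against the next session's challenge. Go's standard crypto/ed25519 stands in for the card's own algorithm; the Card type and the function names are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Card (assumed name) models the smartcard: the private key is generated on
// the card and never crosses the serial link; the host only gets signatures.
type Card struct{ priv ed25519.PrivateKey }

// NewCard creates the on-card key pair and exports only the public key,
// which is what the server enrolls.
func NewCard() (*Card, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable randomness: nothing sensible to do here
	}
	return &Card{priv: priv}, pub
}

// Sign is the only traffic on the serial link: challenge in, signature out.
func (c *Card) Sign(challenge []byte) []byte { return ed25519.Sign(c.priv, challenge) }

// NewChallenge is the server's fresh per-session value; SSH binds the
// signature to the session identifier in the same way.
func NewChallenge() []byte {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// ReplayRejected runs one honest session, then replays the sniffed signature
// against a new challenge; nil means honest verified and replay was refused.
func ReplayRejected() error {
	card, pub := NewCard()
	c1 := NewChallenge()
	sniffed := card.Sign(c1) // what a serial-line sniffer would capture
	if !ed25519.Verify(pub, c1, sniffed) {
		return errors.New("genuine session should verify")
	}
	c2 := NewChallenge() // next session: different challenge
	if ed25519.Verify(pub, c2, sniffed) {
		return errors.New("replayed signature must not verify")
	}
	return nil
}
```

    The private key is the only secret, and it stays inside the Card value; everything the host sees (public key, challenge, signature) can be logged freely without enabling a later login.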
  • WSS Member

    Ah. So you'd need to know what it's doing to use the data it retrieves. So, a generic rebuild of the hardware interface to.. yeah. Not worth it. Thanks for that info!

  • I assume even that is nearly pointless; else ATM/CC chips would be clonable by now and we would have way worse problems than skimmers for CC track2 or "card stealing" skimmers....

    Some cards can certainly be "circumvented" (notably Schlumberger, the USB sticks you get for certain software with a SIM card in it, usually expensive as hell SW) - I have, however, never seen any solution that relied only on an emulated serial interface and didn't need a cracked/modified binary.

    These were popular for unlock boxes back like 200x for Nokia etc. phones to protect the SW side as the hardware box was often not more than a serial adapter either - meaning with chip cracked and a serial adapter plus some cables you were often able to get full functionality for free.

  • WSS Member

    Cheers! I've never been in the field, but this all makes me curious.
