Monday, December 29, 2008

I am not dead AND guessing redacted documents...

Skip to end for updates on this ongoing speculation....

(All this time without a blog post and this will be a short one. I am sorry I haven’t been posting a lot lately but that is what happens when *GASP* paying customers have to come first.)

Like a lot of other people, I have been speculating about the "internet ending" bug that will be displayed at CCC tomorrow by Alexander Sotirov and Jacob Applebaum. I would like to start by saying that I am not in anyway making fun of them or their findings. These are very smart people, and if they say they can cause problems for internet infrastructure, I am preparing to spend the next few days reading books while the internet is not a safe place.

This post is not really about the bug but the redacted document used as an abstract about the talk. I know a lot of work has been done in the space of reading or making sense of redacted docs in the past, but I am an amateur so I thought I would write about my take. I have no insider info, and anything I say is just a pure guess.

At first look of the document, I noticed two areas that stand out. One is the last redacted statement of the second paragraph, and the second is the first redacted statement of the last paragraph. They both mention infrastructure in a way that implies (at least to me) that the first is a shortened or abbreviated version of the second.

The next thing I did is count the characters in each redacted block. I first printed out the image and went old school on it with pen and paper. I marked the length of each block, making a judgment call about whether the spaces are including in the redaction, and measured a normal text block of the same length and saw how many characters I could come up with. I got roughly 8 for the first one and around 25 for the second one.

Based on the context of the first and second sentence, I assumed that unless the first 8 characters is a proper noun like Google, it would have to be more generic and include something like “the.” I am not ruling the proper noun out BTW, I am just focusing on more generic terms since information about the attack mentions how widespread the attack is.

Some possibilities I came up with while brainstorming on SILC with Nick DePetrillo for the first interesting redacted block:
"the DNS"
"the PKI"
"the SSL"
"the web"
"the SIP"
"the SSH"

I would list Google and VeriSign but based on the sentence structure you would have to make it plural and show ownership, which would put both of them over the character limit. It was also suggested that Akamai would fit but I can’t see a way to take advantage of that without serious DNS manipulation. So, we have it covered with the DNS entry above.

So what is my guess? Based on HD Moores post about how it could reap benefits and the large resource investment leads me to believe it has something to do with PKI (public key cryptography).

There is known, theoretical weakness in PKI. Chinese researchers found they could create hash collisions in SHA-1 using 269 operations. This could probably be done with less than a million machines working for less than 6-months, well within the power of a botnet. The way an attack could work is that hackers create two certificates that hash to the same value. The first would be for "PayPal" (for example) and the second for "Fubar Inc." The certificate authority, such as Verisign, signs the Fubar certificate, thus also signing the fake PayPal certificate. From that point on, the hacker is now PayPal as far as the rest of the world is concerned. It's not just SSL that is vulnerable, but entire trust chains based upon PKI. This could be used to hack into a company's LDAP system, for example, because now you become a trusted member of that system.

UPDATE 1: The fourth paragraph beings with: The main result of our proof of concept attack is that we are in possession of a *redacted*.
I bet they are in possession of a bogus cert for a website that will evaluate correctly. For instance they have created a fake cert for that when verified by a browser will check out and not throwing up and phishing filters in any of the major browsers.

UPDATE 2: Speech announced titled "MD5 considered harmful today: Creating a rogue CA Certificate"

1 comment:

Marisa Fagan said...

More coverage from the blogosphere:

Ryan Naraine - ZDnet Zero Day

Eliot Phillips - Hack A Day

Christofer Hoff - Rational Survivability

Security4all - Security4all