Showing posts with label snowden. Show all posts

Thursday, October 06, 2016

What the Yahoo NSA might've looked for

The vague story about Yahoo searching emails for the NSA was cleared up today with various stories from other outlets [1]. It seems clear a FISA court order was used to compel Yahoo to search all their customers' email for a pattern (or patterns). But there's an important detail still missing: what specifically were they searching for? In this post, I give an example.

The NYTimes article explains the search thusly:
Investigators had learned that agents of the foreign terrorist organization were communicating using Yahoo’s email service and with a method that involved a “highly unique” identifier or signature, but the investigators did not know which specific email accounts those agents were using, the officials said.
What they are likely referring to is software like "Mujahideen Secrets", which terrorists have been using for about a decade to encrypt messages. It includes a unique fingerprint/signature that can easily be searched for, as shown below.

In the screenshot below, I use this software to type in a secret message:


I then hit the "encrypt" button, and get the following, a chunk of random looking text:


This software encrypts, but does not send/receive messages. You have to do that manually yourself. It's intended that terrorists will copy/paste this text into emails. They may also paste the messages into forum posts. Encryption is so good that nobody, not even the NSA, can crack properly encrypted messages, so it's okay to post them to public forums, and still maintain secrecy.

In my case, I copy/pasted this encrypted message into an email message from one of my accounts and sent it to one of my Yahoo! email accounts. I received the message shown below:


The obvious "highly unique signature" the FBI should be looking for, to catch this software, is the string:
### Begin ASRAR El Mojahedeen v2.0 Encrypted Message ###
Indeed, if this is the program the NSA/FBI was looking for, they've now caught this message in their dragnet of incoming Yahoo! mail. This is a bit creepy, which is why I added a plea to the message, in unencrypted form, asking them not to rendition or drone strike me. Since the NSA can use such signatures to search traffic from websites, as well as email traffic, there's a good chance you've been added to their "list" simply for reading this blog post. For fun, send this blogpost to family or friends you don't particularly like, in order to get them on the watch list as well.

The thing to note about this is that the string is both content and metadata. As far as the email system is concerned, it is content like anything else you might paste into a message. As far as the terrorists are concerned, the content is encrypted, and this string is just metadata describing how the content was encrypted. I suspect the FISA court might consider content and metadata differently, and that they might issue such an order to search for this metadata while not being willing to order searches of patterns within content.
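As an added example (not code from the original post, and not what any provider or agency actually ran), this is how a mail server sitting behind the TLS-terminating front end could search delivered messages for the string above. The addresses and sample messages are constructed; it shows that a raw byte search misses a base64-encoded body, and that a message merely quoting the string matches as well.

```python
import base64
from email import message_from_bytes, policy

# Signature string quoted in the post above.
MARKER = "### Begin ASRAR El Mojahedeen v2.0 Encrypted Message ###"

def naive_match(raw: bytes) -> bool:
    """Search the message bytes exactly as they arrived."""
    return MARKER.encode("ascii") in raw

def mime_match(raw: bytes) -> bool:
    """Undo each text part's transfer encoding and charset, then search."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            text = part.get_content()
        except (LookupError, UnicodeError):
            # Unknown or broken charset: fall back to a lossless byte mapping.
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
        if MARKER in text:
            return True
    return False

def sample(body: str, cte: str = "7bit") -> bytes:
    """Build a constructed test message; addresses are placeholders."""
    if cte == "base64":
        body = base64.encodebytes(body.encode("utf-8")).decode("ascii")
    head = ("From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
            "MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n"
            f"Content-Transfer-Encoding: {cte}\r\n\r\n")
    return (head + body).encode("ascii")

# Constructed bodies: the ciphertext line is filler, not real program output.
ENCRYPTED = "Please don't drone me.\n" + MARKER + "\nQUJDREVGR0g=\n"
PLAIN = sample(ENCRYPTED)                      # pasted as-is
B64 = sample(ENCRYPTED, "base64")              # same text, base64 transfer encoding
MENTION = sample("The string to look for is " + MARKER + "\n")  # only quotes it
CLEAN = sample("Lunch on Friday?\n")

def scan_all() -> dict:
    """Return (naive, mime-aware) results for each constructed message."""
    msgs = {"plain": PLAIN, "base64": B64, "mention": MENTION, "clean": CLEAN}
    return {name: (naive_match(m), mime_match(m)) for name, m in msgs.items()}

if __name__ == "__main__":
    for name, result in scan_all().items():
        print(name, result)
```

The `mention` hit is a false positive in the sense that matters: the scanner sees the string, not whether an encrypted message actually follows it.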

Regardless of what FISA decides, though, this is still mass surveillance of American citizens. All Yahoo! mail is scanned for such a pattern. I'm not sure how this can possibly be constitutional. Well, I do know how -- we can't get any details about what the government is doing, because national security, and thus we have no "standing" in the court to challenge what they are doing.

Note that one reason Yahoo! may have had to act in 2015 is because after the Snowden revelations, and at the behest of activists, email providers started to use STARTTLS encryption between email servers. If the NSA had servers passively listening to email traffic before, they'd need to be replaced with a new system that tapped more actively into the incoming email stream, behind the initial servers. Thus, we may be able to blame activists for this system (or credit, as the case may be :).

In any case, while the newer stories do a much better job at describing what details are available, no story is complete on this issue. This blogpost suggests one possible scenario that matches the available descriptions, to show more concretely what's going on.

If you want to be a troublemaker, add the above string as your email signature, so that it gets sent as part of every email you send. It's hard to imagine the NSA or GCHQ aren't looking for this string, so it'll jam up their system.

Sunday, September 18, 2016

Why Snowden won't be pardoned

Edward Snowden (NSA leakerblower) won’t be pardoned. I’m not arguing that he shouldn’t be pardoned, but that he won’t be pardoned. The chances are near zero, and the pro-pardon crowd doesn't seem to be doing anything to change this. This post lists a bunch of reasons why. If your goal is to get him pardoned, these are the sorts of things you’ll have to overcome.

The tl;dr list is this:
  • Obama hates whistleblowers
  • Obama loves the NSA
  • A pardon would be betrayal
  • Snowden leaked because he was disgruntled, not because he was a man of conscience (***)
  • Snowden hasn’t yet been convicted
  • Snowden leaked too much
  • Snowden helped Russian intelligence
  • Nothing was found to be illegal or unconstitutional

Sunday, June 14, 2015

How we really know the Sunday Times story is bogus

Stories sourced entirely from "anonymous senior government officials" are propaganda, not journalism. The identities of the sources are hidden not to protect them from speaking out against the government, since they are in fact delivering exactly the message the government wants to get out. Instead, their identities are kept secret so that their message cannot be challenged.

It's not just me claiming this. Every journalistic organization criticizes the practice. Every set of journalistic ethics guidelines calls this unethical.

Yet, somehow it keeps happening. The latest example is The Sunday Times, Britain's largest newspaper, reporting government officials critical of Snowden. We know the story is bogus, because it quotes solely government officials spouting the party line. Moreover, even if that weren't the case, it's obvious propaganda, arguing one side of the story, and not even attempting to get the other point of view from Russia, China, or Snowden himself. Snowden is often quoted in newspapers, he can't be that hard to get a hold of. Not contacting Snowden for his side is also a violation of journalistic ethics.

I point this out because there are lots of good criticisms of the story, for example, pointing out that the correct term is "MI6 officers" not "agents", and no knowledgeable government expert would make that error. But a detailed analysis of that piece isn't needed. The pure fact that it tramples all over journalistic ethics is proof enough that the story is bogus.

Friday, December 12, 2014

FYI: Snowden made things worse

Snowden appeared at a #CatoSpyCon, and cited evidence of how things have improved since his disclosures (disclaimer: as a Libertarian, I'm a fan of both CATO and Snowden). He cited some pretty compelling graphs, such as a sharp increase of SSL encryption. However, at the moment, I'm pretty sure he's made things worse.

The thing is, governments didn't know such surveillance was possible. Now that Snowden showed what the NSA was doing, governments around the world are following that blueprint, dramatically increasing their Internet surveillance. Not only do they now know how to do it, they are given good justifications. If the United States (the moral leader in "freedoms") says it's okay, then it must be okay for more repressive governments (like France). There is also the sense of competition, that if the NSA knows what's going on across the Internet, then they need to know, too.

This is a problem within the United States, too. The NSA collected everyone's phone records over the last 7 years. Before Snowden, that database was accessed rarely, and really for only terrorism purposes. However, now that everyone else in government knows the database exists, they are showing up at the NSA with warrants to get the data. It's not just the FBI, but any department within the government who thinks they have a need for that data (e.g. the IRS). Recently, an amendment was added to the Intelligence Authorization bill to codify the process. We don't have any transparency into this, but it's a good bet that the database has been accessed to retrieve American information more often in the year since Snowden than the 7 years before.

Snowden did the right thing in exposing phone surveillance, of course. My point isn't to say he's wrong. Instead, my point is that we aren't winning the war against surveillance. Activists are focussing on the good news, cherry picking the parts where we win. They are ignoring the bad news, that we are losing the war. The Intelligence Authorization bill is an excellent example of that.

Friday, January 10, 2014

Why Snowden belongs in jail

For me, Snowden is a hero, having revealed intolerable actions by Congress, Courts, the Executive branch, and collusion among the two official Parties.

Not everyone agrees with me.

But that's okay. We live in a pluralistic society where not everyone has to believe the same thing. Reasonable people can disagree. That you disagree with me doesn't mean that one of us is stupid, evil, or otherwise unreasonable. It simply means that we disagree.

Consequently, according to polls, Snowden only served half the country, the country that wants less domestic surveillance. Snowden worked against the interests of the other half the country, the half that votes for (fascist) politicians like Dianne Feinstein and Lindsey Graham.

In other words, rather than fighting for everyone's interests, Snowden only fought for his own interests, against the interests of others. That's not noble. His ends don't justify his means, which were clearly illegal. That his interests are my interests doesn't change this.

That a president would grant clemency to Snowden would be evil. It would invite everyone to break their word (and the law) to promote their politics. That invites chaos. That the powerful would then pardon those with the right politics would be wholly corrupt.


However, this argument would change if the Supreme Court rules in Snowden's favor. Snowden's highest, most important oath was to "defend the Constitution", and it's obvious that the only way the case could get to the Supreme Court was through leaks. By definition, the Constitution is above politics -- even if you disagree with it. Should this happen, should the Supreme Court (not just lower courts) rule in his favor, then Snowden deserves a full pardon and medals of honor.

But until/if that happens, he is merely a lawbreaker/oathbreaker who belongs in jail.


I write this because there are a lot of people writing about whether Snowden should/shouldn't be given clemency. All of them are based on whether they agree with his "ends", rather than discussing whether they agree with the "means". All I'm arguing here is that the "ends don't justify the means". The only thing that can justify Snowden's means are whether the Supreme Court agrees, not whether any of us personally like/dislike Snowden's ends.

Tuesday, October 15, 2013

Baconizing: how the NSA collects buddy-lists

Over the weekend it was revealed that the NSA is slurping up everyone's email "address book" and chat "buddy lists". How does this work?

You can look at my open-source "ferret" utility for the answer. It parses a bunch of different email (SMTP, POP, IMAP) and chat protocols (MSN, Yahoo, and AOL). I wrote this code back in 2007. It's unlikely that any NSA engineer writing similar code since wouldn't have seen my ferret program. Also, my code is very fast, it can reasonably be run on multi-gigabit links -- the sort you'd find in underwater taps of fiber-optic links.

Likewise, there's a good chance they saw my presentations on ferret and "data seepage", such as this one from Black Hat DC in 2007 where I explain how to grab a person's address book:



In my presentation, I called this "baconizing", referring to the "6 degrees of Kevin Bacon" theory. I was hoping it would catch on. It didn't.

Anyway, if you want to understand this issue more, I highly recommend either the above presentation or the ferret source code itself.



Wednesday, October 02, 2013

Silk Road: caught by the NSA?

According to the complaint against Silk Road, the investigation into Ulbricht appears to have started when border agents intercepted fake IDs [update: though see Popehat's discussion of evidence it started earlier]:
On or about July 10, 2013, CBP [Customs and Border Patrol] intercepted a package from the mail inbound from Canada as part of a routine border search. The package was found to contain nine counterfeit identity documents.
"Routine border search" is one of the techniques taught by the "Special Operations Division" to hide the source of unconstitutionally obtained information. As documented in the Reuters article, when the NSA or FBI obtains unconstitutional evidence against American citizens, they tell border agents what to look for when things cross the borders.

Sunday, September 15, 2013

NSA's Fort Belvoir and Star Trek

This is an example of how my experiences with the NSA jar with the press's reporting. An article in Foreign Policy Review claims that General Alexander hired a Hollywood set designer to make his command center at Fort Belvoir look like the bridge of the Enterprise. That's not the story I heard.

I visited Fort Belvoir around 2003 (I forget the exact timeframe). The story I was given is that the Hollywood set designer was a relative, of the head himself or one of his underlings, and that the set designer provided his services for free. Rather than a passion for Star Trek, the situation was more about taking advantage of the opportunity. Whether they spent a ton of money, or got free services, seems to me to be a critical part of the story.

Also, it's not just Federation. The exterior doors have interlocking swords like the Klingon High Council Chamber.

I point this out to show how the press creates a narrative, in this case of Keith Alexander being a "cowboy", and ignores things that don't fit their narrative. I'm on the front lines calling the NSA evil and Orwellian, but at the same time, I don't trust the press, either.




Sunday, September 08, 2013

No, the NSA can't spy on arbitrary smartphone data

The NSA has been exposed as evil and untrustworthy, but so has the press. The press distorts every new revelation, ignoring crucial technical details, and making it sound worse than it really is. An example is this Der Spiegel story claiming "NSA Can Spy On Smartphone Data", such as grabbing your contacts or SMS/email stored on the phone. Update: That was a teaser story, the actual story appearing tomorrow (available here) has more facts and fewer speculations than the teaser story.

Saturday, August 03, 2013

NSA FOIA fail is fail

I blogged about my NSA FOIA response, and how it didn't even match my request. A guy "Cody" at DefCon showed me an even better response:  his FOIA response was for the wrong person, meant for somebody in Germany (not even a citizen) instead of himself.

If you click on the picture, you can see it's the same form-letter response I got, just to a different person with a different case number. As you can see, the case numbers are probably sequential.

I can understand the NSA's perspective. They got a flood of requests that they are probably going to deny anyway, and carefully considering each one would take months with the limited resources they have. Therefore, they sent out the quick denial.

But at the same time, this subverts the intent of FOIA: the people holding government accountable. The NSA exploits fear of terrorism and the "necessity" of secrets to hold itself above accountability. This is just another example of their malicious intent to hide from us.