Some context here about the 4th-last slide: After all the effort that went into building this sophisticated system, the highest scoring selector it identified that traveled to Peshawar and Lahore is a journalist who works for Al Jazeera:
Pretty scary what kind of confirmation bias is creeping in to the NSA's methods there, and the broader implications. Anyone who has worked with big data knows how easy it is to "discover" all sorts of patterns that are not really there.
For what it's worth, the network doesn't really provide privacy like that. Anyone monitoring your connection will still see requests to HN, and then to cryptome transmitting the same amount of data that is in that PDF. The only privacy related thing https would buy you here is the contents of the document could remain secret... but the entire world can know the content of it now, and even before then the U.S. government definitely knew it, since it is their document and all.
The one thing it would buy you is more certainty that the copy of the document you receive is the same one cryptome is distributing. Which is a good thing, but isn't really about privacy.
Sending encrypted data increases the likelihood that the encrypted data will have to be stored and analysed rather than immediately discarded, which increases the burden on someone monitoring all internet traffic.
Good point, you could possibly correlate the PDF size to determine what document it was. Didn't think of that. It still doesn't make HTTPS a bad idea though :)
The server could partially mitigate such an attack, at the cost of a bit of bandwidth, by appending junk to round file sizes up to the nearest multiple of, say, 1MB. Not something I envision your average site doing, but a site like Cryptome...
I’ve been thinking about this too. It would be great if it would suffice with small amounts of junk. But that might just be wishful thinking from my side.
Cryptome also has the advantage of mostly serving individual large files, rather than HTML/CSS/JS with a lot of bursty dependent requests.
The exponential rather than linear padding suggested by that paper sounds like a good idea, as it better reflects the typical distribution of file sizes.
Small amounts of junk might be significantly more effective than nothing. I had to remind myself this is not like a crypto timing attack where the attacker usually gets to retry the operation as many times as they want, making even large random padding potentially susceptible to statistical analysis; a user will usually download a particular document from a server at most a few times. However, these days I'd say the bandwidth of good Internet connections is high enough compared to typical single-digit-MB PDF sizes that relatively large amounts of junk shouldn't inconvenience users too much; I just tested and got ~2.2MB/s from Cryptome, which is not terribly high, but definitely high enough that, say, doubling a 5MB PDF to 10MB would be no big deal.
For the user, anyway. I have no idea what Cryptome's bandwidth costs look like.
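An added example, not part of the thread: the size-padding idea discussed above, comparing rounding up to a fixed 1 MB multiple with geometric (exponential) buckets. The catalogue sizes, the 64 KB floor and the base of 2 are constructed assumptions, and the geometric scheme is a generic one, not necessarily the one in the paper mentioned above.

```python
# Added illustration: size-bucket padding against file-size correlation.
# CATALOGUE is constructed sample data, not real Cryptome file sizes.
from collections import Counter

MB = 1024 * 1024

def pad_linear(size, block=MB):
    """Round size up to the next multiple of `block` (the 1 MB idea)."""
    return -(-size // block) * block

def pad_exponential(size, base=2.0, floor=64 * 1024):
    """Round size up to the next bucket floor * base**k (assumed scheme)."""
    if base <= 1:
        raise ValueError("base must be > 1")
    bucket = floor
    while bucket < size:
        bucket = int(bucket * base)
    return bucket

def anonymity_sets(sizes, pad):
    """Map each on-the-wire size to how many catalogue files share it."""
    return Counter(pad(s) for s in sizes)

def report(sizes, pad):
    """Return (worst per-file blow-up ratio, files with a unique padded size).

    A file whose padded size is unique in the catalogue is still
    identifiable by an observer who only sees transfer lengths.
    """
    sets = anonymity_sets(sizes, pad)
    worst = max(pad(s) / s for s in sizes)
    unique = sum(1 for s in sizes if sets[pad(s)] == 1)
    return worst, unique

# Constructed catalogue: many small files, a few large ones.
CATALOGUE = [40_000, 90_000, 120_000, 300_000, 450_000, 700_000,
             1_500_000, 1_900_000, 5_000_000, 5_200_000, 48_000_000]

if __name__ == "__main__":
    schemes = [("none", lambda s: s),
               ("linear 1 MB", pad_linear),
               ("exponential x2", pad_exponential)]
    for name, pad in schemes:
        worst, unique = report(CATALOGUE, pad)
        print(f"{name:15s} worst blow-up x{worst:5.2f}  "
              f"uniquely sized files: {unique}/{len(CATALOGUE)}")
```

On this sample, 1 MB rounding leaves only the largest file uniquely sized but inflates the smallest file more than 26 times, while the geometric buckets keep every file under a 2x blow-up at the cost of smaller anonymity sets.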
Most web servers out there implement one form or another of key reuse, usually via a dedicated SSL Session Cache, otherwise their CPUs would melt ;)
One of the main reasons that SSL is relatively cheap right now is that not only do you have some level of hardware acceleration, but web servers are now very good at managing and reusing SSL sessions.
On NGINX the default TTL for an SSL session is 5min without constant keep alive, however on most installations that I've seen this has been extended significantly.
You can store about 4000 sessions in 1 MB of data; that vs the amount of CPU cycles a handshake will take is a no-brainer for most server owners.
You can however configure your clients not to reuse an existing session, not sure how well servers will behave in that scenario, some servers which implement TLS actually use that feature as a security measure.
mod_tls by default iirc only accepts SSL data sessions with the same key as the SSL control session while the SSL session is in cache, which makes some clients (old curl for example) actually incompatible with it, so you might have issues when you are trying to pull a file from an HTTPS or FTPS/SFTP service.
Reusing the session key implies that the client already knows the shared secret. Sure, if a client goes through his work-place, ssl-stripping proxy, then you might see that minitor@proxy.nsa.gov retrieved documentX, and that drone@proxy.nsa.gov retrieved the same document with the same session - but the traffic would be different unless all response headers were the same. And the proxy could just log the access anyway.
And what exactly would you think would happen if the "Government" knew that you were browsing Cryptome?
Heck, with spooky "HTTPS" they can claim you've been browsing encrypted "dark web" sites containing classified material just as easily, if we were living in some bizarro world in which they would actually give a fuck.
Want to piss off the NSA? Print out your browsing history every week and, wait for it, FAX it to (443) 479-3612, save them the trouble ;)
There are many more parties interested in one's browsing history than just one's own government. There are foreign governments, advertisers, data brokers, hackers, etc. HTTPS at least reduces the attack surface.
Conclusion: benefits/budget spent is extremely low.
The false positive rate is very high, and the author tries to wiggle multiple times to make it appear less worthless.
So they're automatically generating selectors. Remember that when they try to imply that by using selectors and writing up justifications for their reasonable search/seizures, it's all been automated.
Just a kind reminder to USfg employees and their contractors -- if you have CM on your personal computer, regardless of the source, you're liable as if you stole it.
DoD issued an exception to the policy for employees reading information released by the media on personally-owned computers; it's permitted as long as the personally-owned computer isn't connected to government networks. Reading classified information released by the media on government-owned equipment is unauthorized, if it's not certified to process classified material.
Originally members of the DoD were required to report accidentally downloading or viewing the leaked documents on their own computers, which required them to turn them in to be wiped. After it was understood the huge amount of military members and civilian employees that would be affected by this, an exception to policy was published.
What do you mean? Cryptome is a solid source; I'm pretty sure they don't do click-bait. Not sure why it would be declassified. Do you have any reason to believe it is?
Top Secret information has been determined to cause exceptionally grave damage to national security if released. Don't read it; don't click on it; don't post links to it. It's not funny; it's not clever; it's not fun.
The poster does deserve credit for putting the classification in the link text, so I know not to click on it. Seriously, thank you for that.
This post confuses me. The cat is already out of the bag. Anyone can see these slides now. Do you think that, if you read the slides, you will do something to compromise national security that you wouldn't have done otherwise?
This particular cat is out of the bag; people shouldn't be encouraged to commit this crime in the future with the promise of fame and/or fortune. Publicising this sort of thing gives publicity-seekers exactly what they want.
That's not always true. A lot of the time, things are marked as classified because they were tangentially related to something else that was classified. It's just easier to do things that way, and people who work for the government really prefer to do things the easy way. I knew a guy who interned at the NSA and he said that really inane stuff (like the internal numbering systems they used to organize stuff) is considered classified as TS.
I have no idea if any internal numbering schemes are classified, but it's not a crazy idea. A numbering system can indicate capabilities (imagine seeing that index 314-15.9 is 'questions to ask Hitler's brain') and how an organisation thinks about things.
But yes, over-classification is possible. Fortunately, there are processes to handle that.
Is this an example of Poe's law? How can you know the information is harmful to you if you don't click on it? Rules, if they exist, preventing government employees from reading leaked documents are the actual harm. Such rules are vaguely reminiscent of the tactics used by cults to keep their members in the dark.
> How can you know the information is harmful to you if you don't click on it?
It's not your job to determine if it's harmful to you; it's not your job to determine if it's harmful to national security. That's someone else's job, he did it, and now others have ignored that determination and have released it anyway.
> Rules, if they exist, preventing government employees from reading leaked documents are the actual harm.
Do you deny the legitimacy of state secrets altogether? When you go into a salary negotiation, do you say, 'I'd be willing to make as little as $X'?
If you accept that it's possible for secrets to be legitimate, then you have to accept that there will be secrets you will not be able to personally examine for their legitimacy (because revealing them to you would make them…no longer secret).
Likewise, it's not appropriate for someone in a position of great trust to betray that trust and decide for himself to leak something. One does not put the security of 350 million souls at risk due to the determination of a single man.
Instead, there are procedures in place for those with access to secrets to challenge their classification; there are people whose job ratings improve if they are able to sustain such challenges. The right thing to do, if someone believes something is misclassified, is to follow those procedures and shepherd that case through that system of people.
To do otherwise would be like having a single man with his finger on a nuclear weapon. Sure, he might only unleash it appropriately, but he might not. We have a system for the release of weapons; we have systems in place for the release of information.
https://firstlook.org/theintercept/2015/05/08/u-s-government...
Michael Hayden, former director of the NSA and CIA, once publicly stated: "We kill people based on metadata":
https://www.youtube.com/watch?v=UdQiz0Vavmc
This seems pretty worrying to me.