• CRYPTO-GRAM, May 15, 2022

    From TheCivvie@618:500/14.1 to All on Fri Jun 17 12:00:25 2022

    Crypto-Gram
    May 15, 2022

    by Bruce Schneier
    Fellow and Lecturer, Harvard Kennedy School
    schneier@schneier.com
    https://www.schneier.com

    A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and
    otherwise.

    For back issues, or to subscribe, visit Crypto-Gram's web page.

    Read this issue on the web

    These same essays and news items appear in the Schneier on Security blog, along with a lively and intelligent comment
    section. An RSS feed is available.

    ** *** ***** ******* *********** *************
    In this issue:

    If these links don't work in your email client, try reading this issue of Crypto-Gram on the web.

    Undetectable Backdoors in Machine-Learning Models
    Clever Cryptocurrency Theft
    Long Article on NSO Group
    Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries
    SMS Phishing Attacks are on the Rise
    Zero-Day Vulnerabilities Are on the Rise
    Microsoft Issues Report of Russian Cyberattacks against Ukraine
    Video Conferencing Apps Sometimes Ignore the Mute Button
    Using Pupil Reflection in Smartphone Camera Selfies
    New Sophisticated Malware
    15.3 Million Request-Per-Second DDoS Attack
    Corporate Involvement in International Cybersecurity Treaties
    Apple Mail Now Blocks Email Trackers
    ICE Is a Domestic Surveillance Agency
    Surveillance by Driverless Car
    Upcoming Speaking Engagements

    ** *** ***** ******* *********** *************
    Undetectable Backdoors in Machine-Learning Models

    [2022.04.19] New paper: Planting Undetectable Backdoors in Machine Learning Models:

    Abstract: Given the computational cost and technical expertise required to train machine learning models, users may
    delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor
    into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains
    a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the
    appropriate backdoor key, the mechanism is hidden and cannot be detected by any computationally-bounded observer. We
    demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees.

    First, we show how to plant a backdoor in any model, using digital signature schemes. The construction guarantees
    that given black-box access to the original model and the backdoored version, it is computationally infeasible to find
    even a single input where they differ. This property implies that the backdoored model has generalization error
    comparable with the original model. Second, we demonstrate how to insert undetectable backdoors in models trained using
    the Random Fourier Features (RFF) learning paradigm or in Random ReLU networks. In this construction, undetectability
    holds against powerful white-box distinguishers: given a complete description of the network and the training data, no
    efficient distinguisher can guess whether the model is clean or contains a backdoor.

    Our construction of undetectable backdoors also sheds light on the related issue of robustness to adversarial
    examples. In particular, our construction can produce a classifier that is indistinguishable from an adversarially
    robust classifier, but where every input has an adversarial example! In summary, the existence of undetectable
    backdoors represent a significant theoretical roadblock to certifying adversarial robustness.

    EDITED TO ADD (4/20): Cory Doctorow wrote about this as well.

    ** *** ***** ******* *********** *************
    Clever Cryptocurrency Theft

    [2022.04.20] Beanstalk Farms is a decentralized finance project that has a majority stake governance system: basically
    people have proportional votes based on the amount of currency they own. A clever hacker used a flash loan feature of
    another decentralized finance project to borrow enough of the currency to give himself a controlling stake, and then
    approved a $182 million transfer to his own wallet.

    It is insane to me that cryptocurrencies are still a thing.

    ** *** ***** ******* *********** *************
    Long Article on NSO Group

    [2022.04.21] Ronan Farrow has a long article in the New Yorker on NSO Group, which includes the news that someone --
    probably Spain -- used the software to spy on domestic Catalonian separatists.

    ** *** ***** ******* *********** *************
    Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

    [2022.04.22] Interesting implementation mistake:

    The vulnerability, which Oracle patched on Tuesday, affects the companys implementation of the Elliptic Curve
    Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic
    curve cryptography to authenticate messages digitally.

    [...]

    ECDSA signatures rely on a pseudo-random number, typically notated as K, thats used to derive two additional
    numbers, R and S. To verify a signature as valid, a party must check the equation involving R and S, the signers public
    key, and a cryptographic hash of the message. When both sides of the equation are equal, the signature is valid.

    [...]

    For the process to work correctly, neither R nor S can ever be a zero. Thats because one side of the equation is R,
    and the other is multiplied by R and a value from S. If the values are both 0, the verification check translates to 0 =
    0 X (other values from the private key and hash), which will be true regardless of the additional values. That means an
    adversary only needs to submit a blank signature to pass the verification check successfully.

    Madden wrote:

    Guess which check Java forgot?

    Thats right. Javas implementation of ECDSA signature verification didnt check if R or S were zero, so you could
    produce a signature value in which they are both 0 (appropriately encoded) and Java would accept it as a valid
    signature for any message and for any public key. The digital equivalent of a blank ID card.

    More details.

    ** *** ***** ******* *********** *************
    SMS Phishing Attacks are on the Rise

    [2022.04.25] SMS phishing attacks -- annoyingly called smishing -- are becoming more common.

    I know that I have been receiving a lot of phishing SMS messages over the past few months. I am not getting the Fedex
    package delivered messages the article talks about. Mine are usually of the form: Thank you for paying your bill, heres
    a free gift for you.

    ** *** ***** ******* *********** *************
    Zero-Day Vulnerabilities Are on the Rise

    [2022.04.27] Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities
    reported in 2021.

    Google:

    2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero
    began tracking in mid-2014. Thats more than double the previous maximum of 28 detected in 2015 and especially stark
    when you consider that there were only 25 detected in 2020. Weve tracked publicly known in-the-wild 0-day exploits in
    this spreadsheet since mid-2014.

    While we often talk about the number of 0-day exploits used in-the-wild, what were actually discussing is the
    number of 0-day exploits detected and disclosed as in-the-wild. And that leads into our first conclusion: we believe
    the large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather
    than simply increased usage of 0-day exploits.

    Mandiant:

    In 2021, Mandiant Threat Intelligence identified 80 zero-days exploited in the wild, which is more than double the
    previous record volume in 2019. State-sponsored groups continue to be the primary actors exploiting zero-day
    vulnerabilities, led by Chinese groups. The proportion of financially motivated actors -- particularly ransomware
    groups -- deploying zero-day exploits also grew significantly, and nearly 1 in 3 identified actors exploiting zero-days
    in 2021 was financially motivated. Threat actors exploited zero-days in Microsoft, Apple, and Google products most
    frequently, likely reflecting the popularity of these vendors. The vast increase in zero-day exploitation in 2021, as
    well as the diversification of actors using them, expands the risk portfolio for organizations in nearly every industry
    sector and geography, particularly those that rely on these popular systems.

    News article.

    ** *** ***** ******* *********** *************
    Microsoft Issues Report of Russian Cyberattacks against Ukraine

    [2022.04.28] Microsoft has a comprehensive report on the dozens of cyberattacks -- and even more espionage operations
    -- Russia has conducted against Ukraine as part of this war:

    At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted
    destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and
    sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set
    of priorities or actively coordinating. However, collectively, the cyber and kinetic actions work to disrupt or degrade
    Ukrainian government and military functions and undermine the publics trust in those same institutions.

    [...]

    Threat groups with known or suspected ties to the GRU have continuously developed and used destructive wiper
    malware or similarly destructive tools on targeted Ukrainian networks at a pace of two to three incidents a week since
    the eve of invasion. From February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that
    permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.

    ** *** ***** ******* *********** *************
    Video Conferencing Apps Sometimes Ignore the Mute Button

    [2022.04.29] New research: Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps:

    Abstract: In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces --
    bedrooms, living rooms, and kitchens -- into semi-public extensions of the office. And for the most part, users have
    accepted these apps in their personal space, without much thought about the permission models that govern the use of
    their personal data during meetings. While access to a devices video camera is carefully controlled, little has been
    done to ensure the same level of privacy for accessing the microphone. In this work, we ask the question: what happens
    to the microphone data when a user clicks the mute button in a VCA? We first conduct a user study to analyze users
    understanding of the permission model of the mute button. Then, using runtime binary analysis tools, we trace raw audio
    in many popular VCAs as it traverses the app from the audio driver to the network. We find fragmented policies for
    dealing with microphone data among VCAs -- some continuously monitor the microphone input during mute, and others do so
    periodically. One app transmits statistics of the audio to its telemetry servers while the app is muted. Using network
    traffic that we intercept en route to the telemetry server, we implement a proof-of-concept background activity
    classifier and demonstrate the feasibility of inferring the ongoing background activity during a meeting -- cooking,
    cleaning, typing, etc. We achieved 81.9% macro accuracy on identifying six common background activities using
    intercepted outgoing telemetry packets when a user is muted.

    The paper will be presented at PETS this year.

    News article.

    ** *** ***** ******* *********** *************
    Using Pupil Reflection in Smartphone Camera Selfies

    [2022.05.03] Researchers are using the reflection of the smartphone in the pupils of faces taken as selfies to infer
    information about how the phone is being used:

    For now, the research is focusing on six different ways a user can hold a device like a smartphone: with both
    hands, just the left, or just the right in portrait mode, and the same options in horizontal mode.

    Its not a lot of information, but its a start. (Itll be a while before we can reproduce these results from Blade
    Runner.)

    Research paper.

    ** *** ***** ******* *********** *************
    New Sophisticated Malware

    [2022.05.04] Mandiant is reporting on a new botnet.

    The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims
    networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim
    environment and picking up where things left off. There are many keys to its stealth, including:

    The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point
    controllers, and other types of IoT devices that dont support antivirus or endpoint detection. This makes detection
    through traditional means difficult.
    Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files
    used on a specific infected device.
    A live-off-the-land approach that favors common Windows programming interfaces and tools over custom code with
    the goal of leaving as light a footprint as possible.
    An unusual way a second-stage backdoor connects to attacker-controlled infrastructure by, in essence, acting as
    a TLS-encrypted server that proxies data through the SOCKS protocol.

    [...]

    Unpacking this threat group is difficult. From outward appearances, their focus on corporate transactions suggests
    a financial interest. But UNC3524s high-caliber tradecraft, proficiency with sophisticated IoT botnets, and ability to
    remain undetected for so long suggests something more.

    From Mandiant:

    Throughout their operations, the threat actor demonstrated sophisticated operational security that we see only a
    small number of threat actors demonstrate. The threat actor evaded detection by operating from devices in the victim
    environments blind spots, including servers running uncommon versions of Linux and network appliances running opaque
    OSes. These devices and appliances were running versions of operating systems that were unsupported by agent-based
    security tools, and often had an expected level of network traffic that allowed the attackers to blend in. The threat
    actors use of the QUIETEXIT tunneler allowed them to largely live off the land, without the need to bring in additional
    tools, further reducing the opportunity for detection. This allowed UNC3524 to remain undetected in victim environments
    for, in some cases, upwards of 18 months.

    ** *** ***** ******* *********** *************
    15.3 Million Request-Per-Second DDoS Attack

    [2022.05.05] Cloudflare is reporting a large DDoS attack against an unnamed company operating a crypto launchpad.

    While this isnt the largest application-layer attack weve seen, it is the largest weve seen over HTTPS. HTTPS DDoS
    attacks are more expensive in terms of required computational resources because of the higher cost of establishing a
    secure TLS encrypted connection. Therefore it costs the attacker more to launch the attack, and for the victim to
    mitigate it. Weve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of
    the resources it required at its scale.

    The attack only lasted 15 seconds. No word on motive. Was this a test? Or was that 15-second delay critical for some
    other fraud?

    News article.

    ** *** ***** ******* *********** *************
    Corporate Involvement in International Cybersecurity Treaties

    [2022.05.06] The Paris Call for Trust and Stability in Cyberspace is an initiative launched by French President
    Emmanuel Macron during the 2018 UNESCOs Internet Governance Forum. Its an attempt by the worlds governments to come
    together and create a set of international norms and standards for a reliable, trustworthy, safe, and secure Internet.
    Its not an international treaty, but it does impose obligations on the signatories. Its a major milestone for global
    Internet security and safety.

    Corporate interests are all over this initiative, sponsoring and managing different parts of the process. As part of
    the Call, the French company Cigref and the Russian company Kaspersky chaired a working group on cybersecurity
    processes, along with French research center GEODE. Another working group on international norms was chaired by US
    company Microsoft and Finnish company F-Secure, along with a University of Florence research center. A third working
    groups participant list includes more corporations than any other group.

    As a result, this process has become very different than previous international negotiations. Instead of governments
    coming together to create standards, it is being drive by the very corporations that the new international regulatory
    climate is supposed to govern. This is wrong.

    The companies making the tools and equipment being regulated shouldnt be the ones negotiating the international
    regulatory climate, and their executives shouldnt be named to key negotiation roles without appointment and
    confirmation. Its an abdication of responsibility by the US government for something that is too important to be
    treated this cavalierly.

    On the one hand, this is no surprise. The notions of trust and stability in cyberspace are about much more than
    international safety and security. Theyre about market share and corporate profits. And corporations have long led
    policymakers in the fast-moving and highly technological battleground that is cyberspace.

    The international Internet has always relied on what is known as a multistakeholder model, where those who show up and
    do the work can be more influential than those in charge of governments. The Internet Engineering Task Force, the group
    that agrees on the technical protocols that make the Internet work, is largely run by volunteer individuals. This
    worked best during the Internets era of benign neglect, where no one but the technologists cared. Today, its different.
    Corporate and government interests dominate, even if the individuals involved use the polite fiction of their own names
    and personal identities.

    However, we are a far cry from decades past, where the Internet was something that governments didnt understand and
    largely ignored. Today, the Internet is an essential infrastructure that underpins much of society, and its governance
    structure is something that nations care about deeply. Having for-profit tech companies run the Paris Call process on
    regulating tech is analogous to putting the defense contractors Northrop Grumman or Boeing in charge of the 1970s SALT
    nuclear agreements between the US and the Soviet Union.

    This also isnt the first time that US corporations have led what should be an international relations process regarding
    the Internet. Since he first gave a speech on the topic in 2017, Microsoft President Brad Smith has become almost
    synonymous with the term Digital Geneva Convention. Its not just that corporations in the US and elsewhere are taking a
    lead on international diplomacy, theyre framing the debate down to the words and the concepts.

    Why is this happening? Different countries have their own problems, but we can point to three that currently plague the
    US.

    First and foremost, cyber still isnt taken seriously by much of the government, specifically the State Department. Its
    not real to the older military veterans, or to the even older politicians who confuse Facebook with TikTok and use the
    same password for everything. Its not even a topic area for negotiations for the US Trade Representative. Nuclear
    disarmament is real geopolitics, while the Internet is still, even now, seen as vaguely magical, and something that can
    be fixed by having the nerds yank plugs out of a wall.

    Second, the State Department was gutted during the Trump years. It lost many of the up-and-coming public servants who
    understood the way the world was changing. The work of previous diplomats to increase the visibility of the State
    Departments cyber efforts was abandoned. There are few left on staff to do this work, and even fewer to decide if
    theyre any good. Its hard to hire senior information security professionals in the best of circumstances; its why
    charlatans so easily flourish in the cybersecurity field. The built-up skill set of the people who poured their effort
    and time into this work during the Obama years is gone.

    Third, theres a power struggle at the heart of the US government involving cyber issues, between the White House, the
    Department of Homeland Security (represented by CISA), and the military (represented by US Cyber Command). Trying to
    create another cyber center of power within the State Department threatens those existing powers. Its easier to leave
    it in the hands of private industry, which does not affect those government organizations budgets or turf.

    We dont want to go back to the era when only governments set technological standards. The governance model from the
    days of the telephone is another lesson in how not to do things. The International Telecommunications Union is an
    agency run out of the United Nations. It is moribund and ponderous precisely because it is run by national governments,
    with civil society and corporations largely alienated from the decision-making processes.

    Today, the Internet is fundamental to global society. Its part of everything. It affects national security and will be
    a theater in any future war. How individuals, corporations, and governments act in cyberspace is critical to our
    future. The Internet is critical infrastructure. It provides and controls access to healthcare, space, the military,
    water, energy, education, and nuclear weaponry. How it is regulated isnt just something that will affect the future. It
    is the future.

    Since the Paris Call was finalized in 2018, it has been signed by 81 countries -- including the US in 2021 -- 36 local
    governments and public authorities, 706 companies and private organizations, and 390 civil society groups. The Paris
    Call isnt the first international agreement that puts companies on an equal signatory footing as governments. The
    Global Internet Forum to Combat Terrorism and the Christchurch Call to eliminate extremist content online do the same
    thing. But the Paris Call is different. Its bigger. Its more important. Its something that should be the purview of
    governments and not a vehicle for corporate power and profit.

    When something as important as the Paris Call comes along again, perhaps in UN negotiations for a cybercrime treaty, we
    call for actual State Department officials with technical expertise to be sitting at the table with the interests of
    the entire US in their pocket...not people with equity shares to protect.

    This essay was written with Tarah Wheeler, and previously published on The Cipher Brief.

    ** *** ***** ******* *********** *************
    Apple Mail Now Blocks Email Trackers

    [2022.05.09] Apple Mail now blocks email trackers by default.

    Most email newsletters you get include an invisible image, typically a single white pixel, with a unique file name.
    The server keeps track of every time this image is opened and by which IP address. This quirk of internet history means
    that marketers can track exactly when you open an email and your IP address, which can be used to roughly work out your
    location.

    So, how does Apple Mail stop this? By caching. Apple Mail downloads all images for all emails before you open them.
    Practically speaking, that means every message downloaded to Apple Mail is marked read, regardless of whether you open
    it. Apples also routes the download through two different proxies, meaning your precise location also cant be tracked.

    Crypto-Gram uses Mailchimp, which has these tracking pixels turned on by default. I turn them off. Normally, Mailchimp
    requires them to be left on for the first few mailings, presumably to prevent abuse. The company waived that
    requirement for me.

    ** *** ***** ******* *********** *************
    ICE Is a Domestic Surveillance Agency

    [2022.05.11] Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US:

    When you think about government surveillance in the United States, you likely think of the National Security Agency
    or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But unless you or
    someone you love has been targeted for deportation, you probably dont immediately think of Immigration and Customs
    Enforcement (ICE).

    This report argues that you should. Our two-year investigation, including hundreds of Freedom of Information Act
    requests and a comprehensive review of ICEs contracting and procurement records, reveals that ICE now operates as a
    domestic surveillance agency. Since its founding in 2003, ICE has not only been building its own capacity to use
    surveillance to carry out deportations but has also played a key role in the federal governments larger push to amass
    as much information as possible about all of our lives. By reaching into the digital records of state and local
    governments and buying databases with billions of data points from private companies, ICE has created a surveillance
    infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time. In its efforts to
    arrest and deport, ICE has -- without any judicial, legislative or public oversight -- reached into datasets containing
    personal information about the vast majority of people living in the U.S., whose records can end up in the hands of
    immigration enforcement simply because they apply for drivers licenses; drive on the roads; or sign up with their local
    utilities to get access to heat, water and electricity.

    ICE has built its dragnet surveillance system by crossing legal and ethical lines, leveraging the trust that people
    place in state agencies and essential service providers, and exploiting the vulnerability of people who volunteer their
    information to reunite with their families. Despite the incredible scope and evident civil rights implications of ICEs
    surveillance practices, the agency has managed to shroud those practices in near-total secrecy, evading enforcement of
    even the handful of laws and policies that could be invoked to impose limitations. Federal and state lawmakers, for the
    most part, have yet to confront this reality.

    EDITED TO ADD (5/13): A news article.

    ** *** ***** ******* *********** *************
    Surveillance by Driverless Car

    [2022.05.12] San Francisco police are using autonomous vehicles as mobile surveillance cameras.

    Privacy advocates say the revelation that police are actively using AV footage is cause for alarm.

    This is very concerning, Electronic Frontier Foundation (EFF) senior staff attorney Adam Schwartz told Motherboard.
    He said cars in general are troves of personal consumer data, but autonomous vehicles will have even more of that data
    from capturing the details of the world around them. So when we see any police department identify AVs as a new source
    of evidence, thats very concerning.

    ** *** ***** ******* *********** *************
    Upcoming Speaking Engagements

    [2022.05.14] This is a current list of where and when I am scheduled to speak:

    Im speaking on Securing a World of Physically Capable Computers at OWASP Belgiums chapter meeting in Antwerp,
    Belgium, on May 17, 2022.
    Im speaking at Future Summits in Antwerp, Belgium, on May 18, 2022.
    Im speaking at IT-S Now 2022 in Vienna, Austria, on June 2, 2022.
    Im speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia, on June 3,
    2022.
    Im speaking at the RSA Conference 2022 in San Francisco, June 6-9, 2022.
    Im speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022.

    The list is maintained on this page.

    ** *** ***** ******* *********** *************

    Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on
    security technology. To subscribe, or to read back issues, see Crypto-Gram's web page.

    You can also read these articles on my blog, Schneier on Security.

    Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable.
    Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

    Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the
    author of over one dozen books -- including his latest, We Have Root -- as well as hundreds of articles, essays, and
    academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Klein
    Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board
    member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the
    Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.

    Copyright 2022 by Bruce Schneier.

    ** *** ***** ******* *********** *************

    Mailing list hosting graciously provided by MailChimp. Sent without web bugs or link tracking.

    You are receiving this email because you subscribed to the Crypto-Gram newsletter.

    Bruce Schneier Harvard Kennedy School 1 Brattle Square Cambridge, MA 02138 USA


    --- GoldED+/W64-MSVC 1.1.5-b20180707
    * Origin: TC on Micronet Daily (618:500/14.1)