Data Fortress 101: Is it possible to make a computer that’s totally invulnerable to the NSA?



Having been offered a position at the agency’s top offensive hacking unit, then-NSA contractor Edward Snowden was well aware of the scope of the government’s surveillance abilities when he stole roughly 1.7 million classified documents and abruptly went to ground. As a result, his behavior leading up to the theft was at times a little strange; some critics have spent quite a lot of time harping on about how he used to put a cloth hood over his head and screen, so only he could see it. To many, this is evidence of a paranoid behavior that proves he’s a creepy nut — and certainly no principled whistleblower. If those people had known what Snowden knew at that time, however, they very well might have acted the same way.

Consider the data fortress created by journalists from the Guardian to house Snowden’s leaked files: the encrypted documents existed only on anonymously purchased and fully encrypted laptops which had never been connected to the internet, and which were in turn kept in a guarded hotel room in which no electronics were allowed. Even so, many analysts believe the NSA has hacked its way into these machines, obtaining for themselves a full copy of the (encrypted and unreadable) leaked documents. If even these extreme measures aren’t enough to keep out attackers, is real security even possible?
Most high security data centers are buried underground with thick concrete walls and carefully planned wiring.

We’ll say that our win condition in this thought experiment is keeping a single file untouched given unlimited effort and spending on the part of all comers, from foreign criminals to domestic spies, for a full month. We’ll also say that the computers have to be capable of getting files on and off the hard drive; an open internet connection is out of the question, but external storage devices might work. The target file can be encrypted, but must be decrypted to open the file at least once per day. We’ll also assume that the entire month is spent trying to get at us, and that our attackers have access to every offensive technology under the sun. This means our main foil will be the NSA, but that’s only because they’re the best in the world.

When it comes to securing a data fortress, our first concern should be the same as for any other piece of real estate: location, location, location. Our ideal site will be far from any wireless signals, and preferably surrounded by thick, insulating material. An old concrete basement might do, and we should walk in with a modern smartphone first — if all our connection indicators go blank, this is a good place to start. Our next job is to throw that smartphone away. The NSA loves to insert spies into our pockets, and from this moment on our fortress is off-limits to all electronic devices.
This tiny microphone, placed correctly, could render your security measures totally moot.

Now, scour the room. If we’ve been beaten here (say, if we were careless enough to Google its map location), then there could be visual or audio surveillance anywhere. We’ll need to sweep the room, and any surrounding areas, with an RF detector and a spectrum analyzer to check for signals. Even so, our next step is to throw some padding over the walls, floor, and ceiling — this will ensure we don’t have to equip a Snowden-style head sock to guarantee visual privacy.

It’s important to understand that even a listening device put in the wall could seriously compromise our security; the venerable workhorse of privacy, RSA encryption, was recently broken wide open with nothing but a microphone, and a whole area of surveillance derived from Van Eck phreaking can see into your activities through sound alone. These and other side-channel attacks are among the most effective in offensive hacking: they don’t truly beat the security, they simply exploit a loophole around it to great effect.
The program Gilgamesh can force cell phones and other wireless devices to route data through a drone-mounted NSA device.

Now, the computer itself. My preference would be to assemble our own tower from parts, never installing anything like a wireless or ethernet card in the first place. Ordering online might seem easy, but you just never know what you’re going to get, and installing any sort of wireless device is just asking for trouble. Programs like Gilgamesh can force wireless devices to use nearby government installations, such as a router or cell phone tower, while others like Somberknave are made to jump the “airgaps” around unconnected computers. Simply put: don’t use the internet, and if you have to, definitely stay away from wireless technology.

Our system must be based around encryption from the bottom up. Up until very recently this would have meant mentioning the open source TrueCrypt whole disk encryption software, but just a few days ago that standby came into serious question via its own official SourceForge page. Since no one has actually found any weakness in the software yet, we’ll stay with TrueCrypt until the community figures out what’s happening – but be on the lookout for an alternative like Microsoft’s BitLocker. And it doesn’t matter how good your encryption is if your password stinks. Make sure you pick a decent-strength password.
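To put a number on “decent strength” under this thought experiment’s own threat model (an attacker with unlimited resources guessing for a full month), here is an added example that is not part of the original article. It estimates the entropy of a disk-encryption passphrase two ways and compares it against the bits needed to survive a month of brute force at an assumed guess rate; the 7776-word list size is the standard Diceware figure, and the guess rate and success-probability bound are assumptions.

```python
import math

# Standard Diceware word-list size (a real list has 7776 entries).
WORDLIST_SIZE = 7776
# The article's time budget: the attacker gets one full month.
SECONDS_PER_MONTH = 30 * 24 * 3600


def charset_entropy_bits(password: str) -> float:
    """Upper-bound entropy from the character classes actually used.
    Only meaningful if every character was chosen uniformly at random;
    a human-chosen password is usually far weaker than this estimate."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation
    return len(password) * math.log2(size) if size else 0.0


def wordlist_entropy_bits(num_words: int, list_size: int = WORDLIST_SIZE) -> float:
    """Entropy of a passphrase built from num_words words drawn uniformly
    at random from a list of list_size words (Diceware-style)."""
    return num_words * math.log2(list_size)


def required_bits(guesses_per_second: float,
                  seconds: int = SECONDS_PER_MONTH,
                  max_success_probability: float = 1e-6) -> float:
    """Minimum entropy so that an attacker trying guesses_per_second for
    'seconds' seconds finds a uniformly random secret with probability at
    most max_success_probability (brute force; no key-derivation slowdown
    assumed, which is the conservative choice)."""
    total_guesses = guesses_per_second * seconds
    return math.log2(total_guesses / max_success_probability)


def survives_month(entropy_bits: float, guesses_per_second: float) -> bool:
    """True if a secret with this much entropy meets the month-long bound."""
    return entropy_bits >= required_bits(guesses_per_second)


if __name__ == "__main__":
    rate = 1e12  # assumed: one trillion guesses per second
    print(f"need {required_bits(rate):.1f} bits for a month at {rate:.0e}/s")
    for words in (4, 6, 8):
        bits = wordlist_entropy_bits(words)
        print(f"{words} Diceware words = {bits:.1f} bits, ok={survives_month(bits, rate)}")
```

The constructed trillion-guesses-per-second rate is deliberately generous to the attacker; a slow key-derivation function in the disk encryption software lowers it by orders of magnitude, which is why the estimate leaves it out.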
Resemblance to the Tor logo is purely intentional.

Next we take out our DVD (leave the USB keys at home, as they could easily be infected with zero-day malware) and use it to boot into an operating system called Tails. Based on the Debian Linux distribution, Tails is the OS equivalent of Chrome in Incognito mode; nothing is saved, there are no cookies or preferences, and when the system shuts down it’s like you were never there at all. Tails routes all internet traffic (not just the browser’s) through the Tor network, but that doesn’t matter for our limited test, since we should be staying offline anyway. Even with the Tor network you can get into trouble online, as it’s possible to track packets moving through the Tor network to a single node within a local network. Even if the content of those packets remains obscured, our location is the first (and possibly last) inroad an attacker will need.
If we want to get truly paranoid, it’s technically possible to tap the room’s electrical wires to glean some information as well, so we’ll also bring in large, reliable batteries so as to avoid any connection to a larger wired grid. As much as possible, all transmissions should begin and end in our secure room, whether they’re transferring information or electrical power.

The NSA has tons of solutions for infiltrating “air-gapped” computers not connected to the internet or any common network, but they still usually require that the computer be connected to a physical, local network. (Interestingly, this implies that they are not designed to attack terrorists or criminals, but corporate or government installations.)

With our digital fortress built, copy over the target file and start the clock: our month begins now.

If you absolutely have to connect to the internet at some point, make sure it’s not on any supervised network small enough for your Tor traffic to be noticed (say, a university campus). Try to connect with a physical cable that goes through as few routers as possible before melding with larger, public lines. Tails should keep you relatively safe overall, but you’ll still have to watch out for programs like FoxAcid throwing out dummy URLs that imitate sites like Google to install malware on your system. You have to worry about big-data analysis of your anonymous activities drawing out identifying patterns. You have to worry about the programs and technologies about which the public still knows absolutely nothing at all.
FoxAcid is one of the most dangerous tools on the open internet.

The overall point here is that while security is not impossible, at present practical security absolutely is. The NSA may not be able to “get” anyone they like, but with a large enough investment it can raise the price of fighting to near-total irrelevance. Even if you could be 100% sure that you’re not a specific target for criminal hackers, Chinese spies, TAO infiltrators, or anyone else, this equation doesn’t change much. The number and power of passive target-hunting programs (from government to open-source) mean you can never know when you’ve become one.

The simple fact is that Edward Snowden was able to do what he did thanks to incompetence and naïveté on the part of the NSA, not a lack of ability. Had they actually been watching him closely, Snowden’s security measures would have been laughably inadequate at keeping out fellow government hackers. They weren’t, having been so far removed from Cold War-era suspicion. Now that Snowden’s success has gone public, you can bet people in the NSA are wondering how many files might have “leaked” to the Chinese or Iranians, or even to more friendly economic rivals. There will not be another Edward Snowden — at least, not one so brazen.
Fort Meade, NSA headquarters, with a Heartbleed

Though the guys in this building are certainly powerful, the NSA is not the only attacker you need to worry about.

So, if you take all these precautions, will your file remain safe all month? The truth is that absolutely nobody knows. Analysts and researchers spend a lot of time speculating about just what kind of weapons the NSA might have at its disposal, from super-powered packet injection algorithms to genuine quantum computers. The fact is that the Guardian’s former situation, with an explicitly acknowledged showdown between attacker and defender, is quite unusual; in most cases either the attacker doesn’t know the identity of their target or the target doesn’t know for certain whether they are under attack.

Notice that even the Guardian’s editors didn’t take every one of these precautions. In the real world, the people who truly fear cyber-attack fall naturally towards a good-enough system for their specific situation, endlessly trying for their perfect individual midpoint between expense, versatility, and security. Real cyber-fugitives maintain complex behavioral routines to avoid detection, often working from different connections all the time and periodically switching out hardware. They have to consider things we didn’t, like maintaining alternate online personas or isolating real-world friends. It’s been suggested that some cyber-criminals may be nomads, wandering America, Europe, or Asia as successful but quasi-homeless hackers.

In the wake of the Snowden revelations, there has been a massive uptick in interest in privacy and encryption technology. As the community weeds through the weak or compromised software (such as the Heartbleed bug) and develops newly secure alternatives, we will see the first real effort to plug the holes in passive, reliable cyber-defense technology. Right now, there’s no telling whether they’ll have even a little bit of success.
