Lecture 07 - Societal Security.pdf

Full Transcript

IT and Society
Lecture 7: Security – Societal Issues

Prof. Jens Grossklags, Ph.D.
Professorship of Cyber Trust
Department of Computer Science
School of Computation, Information and Technology
Technical University of Munich

May 27, 2024
Recap – Summary of Theory
ISMS for risk-driven information security management: Selection and
implementation of controls is based on risk assessment
– Continuous improvement should correspond with changing (risk) environment
– Documentation-centered approach
– Built-in performance evaluation (process & controls)
Applicability of 27K series of standards
– Generic, adoptable, flexible
– Domain and expert know-how necessary
– Requirements in the standards scale with different security needs
– Applicable outside ICT and operations
Certification schema available and increasingly used in practice

2
Recap – Security in Organizations

Many high-quality IT security research projects, but too little
data-driven collaboration with industry and policy actors
Science of security management: Scientifically validated
approach to prioritize security measures is missing, but
needed

3
 Lecture 7

Security in Society

4
“Balancing“ (National) Security
and Privacy
A pipe dream?
[Definition of pipe dream = a fantastic or illusory hope, plan, or story]

What is the role of nation states after September 11, 2001?

5
“In the absence of the right to privacy, there can be no true
freedom of expression and opinion, and therefore no
effective democracy.”

Dilma Rousseff, former President of Brazil
(2013 speech at the UN)

6
United States/Five Eyes

Efforts since the early 2000s to ‘master the Internet’ by
the NSA -- and the Five Eyes (more generally)
Our knowledge about diverse efforts has improved
(temporarily): Ed Snowden and other whistleblowers
leaked information about the capabilities and methods of
Western intelligence services
– Five Eyes: U.S., Canada, U.K,
Australia, New Zealand
7
Addendum: NSA History

Largely unknown until 1982
– Historical overview by James
Bamford
– Obtained information through
Freedom of Information Act
(FOIA) requests; from libraries,
informal sources etc.
– April 2001: NSA hosted a book-
signing event for Bamford
8
Programs: Prism
NSA codename for an access channel that had been
provided to the FBI to conduct (warranted) wiretaps
– U.S. law permits U.S. citizens to be wiretapped provided an agency convinces a
court to issue a warrant, based on ‘probable cause’ that they were up to no
good  under supervision of the Foreign Intelligence Surveillance Court (FISC)
 Concern arises here due to scale and scope
Important note: Foreigners can be wiretapped freely
– All an intelligence analyst had to do is click on a tab indicating the believe that
someone was a non-U.S. person
– Inquiry is routed automatically via FBI infrastructure and “content” appears on
analyst’s workstation  What content?
9
 Vast amount of application-level
Internet traffic runs through the
United States
Backbones of many leading
Internet companies are
involved

10
Programs: Telecommunications

AT&T provided the NSA with access to billions of communications records —
including emails and phone call data — as they passed through its domestic
network system in the U.S. The report also found that the company installed
surveillance equipment in at least 17 of its Internet hubs on U.S. soil, had its
engineers test surveillance technology invented by the NSA, and even aided
the organization in carrying out a court order permitting the wiretapping of
online communications at United Nations headquarters in New York.
– Already early evidence (on AT&T) based on whistleblower Mark Klein in 2006
Verizon ordered by FISC to hand over all call data records

https://www.pbs.org/wgbh/frontline/article/how-att-helped-the-nsa-spy-on-millions/

11
Programs: Tempora (U.K. program)
To collect intelligence from international fiber-optic cables
– Essentially more powerful version of Echelon, which tapped the Intelsat satellite network,
keeping voice calls on tape while making metadata available for searching so that
analysts could select traffic to or from phone numbers of interest
[Duncan Campbell, journalist, 1988]
Example Cornwall region: 200 transatlantic fibers were tapped
and 46 could be collected at any one time  up to 21Pb a day 
‘massive volume reduction’ needed
– Use of ‘selectors’ for search: use of 10000s of selectors to sift through 600 Million
‘telephone events’
– European Court of Human Rights (2018) ruled bundle of such programs “unlawful and
incompatible with the conditions necessary for a democratic society”  Consequences?
See: https://www.wired.co.uk/article/uk-mass-surveillance-echr-ruling
12
Programs: Muscular (U.K./U.S.)
Collection of data as it flowed between the data centers of
large service firms such as Yahoo and Google
– Data may be encrypted using SSL on the way to the service’s front end, but it
then often flowed in the clear between each company’s data centers
Snowden: Many Internet communications that appear to
be encrypted aren’t really
– Modern websites use content delivery networks (CDNs), e.g., performance
– While the web traffic is encrypted from the user’s laptop or phone to the CDN’s
point of presence at their ISP, it isn’t encrypted on the backhaul unless websites
pay extra
 Trend towards end-to-end encryption (also via CDNs)
13
Who can spot
the smiley?

14
Programs: Special Collection Service
Various strategies, e.g., to implant collection equipment in
foreign telecommunications providers, Internet exchanges
and government facilities
Tempest monitoring: Collection of information leaked by the
electromagnetic emissions from computer monitors and other
equipment
– Now Tempest standards for shielding electronic devices
Supply-chain tampering: Manipulate purchased products
– Example: Crypto AG
https://www.spiegel.de/spiegel/print/d-9088423.html (in German)
https://www.bbc.com/news/uk-33676028 15
Research Examples

16
Programs: Longhaul, Quantum

Focus on encrypted communications
– E.g., attacks against the 1024-bit prime used by most VPNs and many
TLS connections with Diffie-Hellman key exchange possible?
– See research: „Imperfect Forward Secrecy: How Diffie-Hellman Fails in
Practice (Adrian et al., 2015, CCS)

17
Tools: Xkeyscore

Focus on collected results: Distributed database enabling
an analyst to search collected data remotely and
assemble the results
– Emails, SMS, chats, address book entries, browsing histories
– Example: ‘Show me all encrypted Word documents from
country X’
Focus on target discovery:
– Example: ‘Show me all the exploitable machines in country X’

18
Hacking Tools: Computer and
Network Exploitation
Hacking tools used by the NSA and its allies
– Snowden papers reveal an internal “store” where analysts can
get a variety of tools
– Series of leaks in 2016–2017 by the Shadow Brokers disclosed
a number of actual NSA malware samples, used by hackers of
the NSA’s Tailored Access Operations team to launch attacks
– Some of these tools were repurposed to launch the NotPetya
worm and Wannacry

19
 Relied on the EternalBlue exploit

https://protonmail.com/blog/nsa-ransomware-nhs-cyberattack/ 20
 Responsible Disclosure?

Microsoft
press release

Wake-up call
needed!

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/ 21
Realistic?

Vision/Goal:

To be adopted by
governments

22
Remark on International Relations

“The United States and China agree that neither country’s government will
conduct or knowingly support cyber-enabled theft of intellectual property,
including trade secrets or other confidential business information, with the intent
of providing competitive advantages to companies or commercial sectors.”

How many of the strategies, which we discussed so far, are used for economic
purposes? How much credence do you give the announcement above?
https://obamawhitehouse.archives.gov/the-press-office/2015/09/25/fact-sheet-president-xi-jinpings-state-visit-united-states 23
Example: Role of Major Technology
Companies in International Relations

Example Apple:
– Store personal data of Apple’s Chinese customers on computer servers
run by a state-owned Chinese firm
– Apple abandoned encryption technology on other products in China
Another long and complicated story: Google Search in China
But certainly not just problematic in the U.S./China context
Apple: https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html
Google: https://www.technologyreview.com/2018/12/19/138307/how-google-took-on-china-and-lost/ 24
Troubling Role of Specialized
Private Security Technology Firms
Developers of malware to be used by nation states
against terrorism and other actors
Prominent examples:
– NSO Group, Israel
– Hacking Team, Italy
– Gamma Group, UK
Question: How well can deployment be controlled?

25
Case Study: Nutrition Activism

Spyware found on phones
of leaders of nutrition
activism groups in Mexico
– Compromised via Phishing
– Spyware from NSO Group
– Confirmed by Citizen Lab (University of Toronto)

NSO “claims to sell its spyware only to law enforcement agencies to track terrorists,
criminals and drug lords. NSO executives point to technical safeguards that prevent clients
from sharing its spy tools. […] the company had no knowledge of the tracking of health
researchers and advocates inside Mexico.”

https://www.nytimes.com/2017/02/11/technology/hack-mexico-soda-tax-advocates.html 26
Phishing
messages

Recipient:
Director of nutrition
policy at Mexico’s
National Institute
of Public Health

27
Control Such Spyware?

“This is one of the most brazen cases of abuse we have
ever seen,” said John Scott-Railton, a senior researcher at
Citizen Lab. “It points to a total breakdown of government
oversight in Mexico, and a complete failure of due diligence
by the NSO Group.”

https://citizenlab.ca/

28
Where is the Outrage?

Privacy and Security
For the People!

Collective action is hard
to achieve. See lecture
on societal privacy.

29
Street protests
against
surveillance
practices

(2013)

30
https://www.spiegel.de/politik/deutschland/10-000-menschen-protestieren-gegen-nsa-ueberwachung-a-913513.html
31
Nothing-to-Hide Argument

“The argument that no privacy problem exists if a person has
nothing to hide is frequently made in connection with many privacy
issues. When the government engages in surveillance, many people
believe that there is no threat to privacy unless the government
uncovers unlawful activity, in which case a person has no legitimate
justification to claim that it remain private.”

Argument brought forward by
politicians, government officials,
but also individuals
32
Strong Form of the Argument

Security is the strongest argument for government
surveillance

According to the strong form of the argument: “The security
interest in detecting, investigating, and preventing terrorist
attacks is very high and outweighs whatever minimal or
moderate privacy interests law-abiding citizens may have.”
(Solove article)
33
Important Opposing View

Nothing-to-hide argument is an anti-social statement
Privacy should not be treated as something to hide,
but as something to protect
Discussion of goals:
– Balancing privacy against security? or rather:
– Balancing freedom against control?

34
 „
Opposing View (2)

Potential for various forms of abuse of government
surveillance
Similar to: “I don’t care what happens, so long as it
doesn’t happen to me.“
– Rejecting privacy as an egoistic and anti-social act
– No solidarity and „dog-eat-dog society“

36
Poetic form of a 1946 post-war confessional prose by the German Lutheran pastor Martin Niemöller (1892–1984)

37
 Related Context:

Censorship & Internet Filtering

38
Internet Filtering
Motivations for state-directed Internet filtering include
those with:
– Specific emphasis on economics: tax, copyright, intellectual property
– Specific emphasis on children: child pornography, violence
– Specific emphasis on other relevant content categories
Cultural: pornography and gambling
Political: dissidents and independent media
Security: (cyber)terrorism and hacking

Nart Villeneuve, Citizen Lab
39
Filtering Approaches – Technology

National Filtering Systems (e.g., Great Firewall of China)
Distributed Filtering Systems
Temporary Filtering (and DoS/DDoS Attacks)
Application Level approaches

Lots of diversity. Not a comprehensive list.

40
Accountability & Transparency
Most countries that filter are unable or do not want to
publicly answer the following questions:
– What are the blocking criteria?
– Is there a review process?
– What is the policy on collateral blocking?
– Is there a grievance mechanism?
– How can designations be changed if there is
miscategorization?
– How are Internet users informed that they are attempting
to access prohibited content?
Nart Villeneuve, Citizen Lab
41
Freedom
House

2018
rating

lower scores
are better

Category:
Internet
Freedom
Scores +
Reports

Some reports
published
since 1973
https://web.archive.org/web/20190328041642/https://freedomhouse.org/report/freedom-net/2018/turkey 42
(Archived copy from archive.org)
(reversed
the score)

Higher scores
are now better

2020
rating

https://freedomhouse.org/country/turkey/freedom-net/2020
(Reports contains detailed analysis; not just scores) 43
From Filtering to Censorship
Often countries that filter the Internet target content that is
specific to the country itself and is in the local language
Censored websites generally include human rights
organizations, independent media, oppositions groups or
political parties, and religious conversion or spiritual groups
Sites that contain content opposed to or dissenting from the
views of the current government are most often the targets
of filtering
Control over information begins to move from filtering into
overt political censorship
44
Collateral Impact

No games with Kanter shown
in Turkey

45
Involvement of Private Entities
Placing restriction on freedom of speech in a non-
transparent way:
– Often ceding to commercial entities the responsibility of
placing limitations on freedom of speech through tools
that are sheltered from close public scrutiny because of
intellectual property protections
– Collateral Impact: Blocking access to content that was
never intended to be blocked

46
Mission Creep
Empirical Question: Regardless of the initial
reason for implementing Internet filtering, one can
argue that there is increasing pressure to expand “Opportunity knocks
only once,
its use once the filtering infrastructure is in place. but temptation leans
on the doorbell.”

Empirical Question: Governments are tempted to
use it as a tool of political censorship or as a
technological “quick fix” to problems that stem
from larger social and political issues.

47
Takeaways
Significant efforts being done towards implementing data
collection and processing in the name of national security
Similar efforts undertaken in many countries regarding
Internet filtering and censorship
Many challenges which are hard to resolve:
– Grand challenges: Impact on civil liberties

– More well-defined challenges: Like responsible disclosure

48
That was it for today. The End.