Listening In: Cybersecurity in an Insecure Age

[Music] [Applause] [Music]

Good morning. All right, welcome back. My name is Vince Houghton; I'm the historian and curator here at the International Spy Museum. You should know me by now. So we are now on our fourth and final week of this spring Smithsonian series. Is that better? Okay. And although we won't be able to see each other again after this week, that's not necessarily true: we have a lot of great programming coming up. As I've told you several times, we do have our spring communique, out for the first time last week, so if you picked up one the first week, this one's different. It tells you everything going up until the very beginning of this summer, so a lot of possible chances for us to spend more time together, which we're all looking forward to.

This being our final time, we'd like to thank the Smithsonian Associates for everything they've done organizing these events. We've worked with them now for several years and we continue to look forward to working with them in the future. Of course we'd like to thank Steven Budiansky, Steve Vogel and Kristi McCracken for taking the time to come and speak to all of you. We are hard at work; man okie in the back, you may know, our director of adult programming, is working hard on coming up with what will be the fall series, so keep a lookout. It won't be anytime soon soon, but in the next couple months-ish, before the end of the spring, there should be an announcement about what the fall series will look like and the kind of speakers. We always have fun putting these together and trying to figure out ways to link things and get good speakers, so the fall should be no different than that.

So we introduce our speaker today, Susan Landau, who is the Bridge Professor in the Fletcher School of Law and Diplomacy and the School of Engineering, Department of Computer Science, at Tufts University, and a visiting professor in computer science at the University College in London. Her new book, which is this, Listening In: Cybersecurity in an Insecure Age, was just published
last November by MIT Press, no, Yale University Press; all the other ones were on MIT Press. That's why I should read. She's also the author of Surveillance or Security? The Risks Posed by New Wiretapping Technologies and the co-author, with Whitfield Diffie, of Privacy on the Line: The Politics of Wiretapping and Encryption; that's where the MIT Press stuff comes in. She has testified before Congress, most notably regarding the FBI versus Apple case, written for The Washington Post, Science and Scientific American, and frequently appears on NPR and BBC. Dr. Landau has been a senior staff privacy analyst at Google, a distinguished engineer at Sun Microsystems, and a faculty member at Rochester Polytech Institute, the University of Massachusetts at Amherst and Wesleyan University. She was inducted into the Cybersecurity Hall of Fame in 2015, and for me, in the nerd universe that I live in, the coolest thing is she has an algorithm named after her in mathematics, which, you know, for space people it's about a planet or an asteroid; for mathematicians, having an algorithm named after them is pretty cool. So without further ado, Dr.
Susan Landau. Thank you.

[Applause]

Although in some sense, and not in some sense, the story started many years before that, but Apple really brought it to the forefront. And what happened, if I can get this to not move too quickly, what happened of course is that there was the terrorist activity at San Bernardino, the San Bernardino holiday party, in which two people, a married couple, one of whom worked at San Bernardino at the health department, came in with rifles, killed 14 people, injured scores of others. They had pipe bombs that didn't explode. Then they went off in their rented black Suburban. The police caught up with them a few hours later; they were killed in the shootout. They had destroyed their computers and their personal phones, but one of them had a phone that belonged to the San Bernardino Health Department, an iPhone, and it was locked, and law enforcement wanted to get in.

Now at this point Apple had put security protections into the phone, and the security protections consisted of: you had a PIN to get in, you had ten tries with the PIN, and if after ten tries you weren't able to open the phone, the data was erased. Not only that, it slowed down between the tries, so there was a little bit of time between the first and the second try, more time between the second and the third, twice as much between the third and the fourth, and so on. So it made it not easy to do. The FBI went to Apple and said, undo your security protections. They said, write a software update to the phone that undoes those protections and actually also enables us to try things in bulk, to try all possible PINs in bulk. And Apple said no.

Apple said no on two bases. The first one was that they said that the government was over-applying something called the All Writs Act, which is a law from the 1700s that says the business, the companies, must help law, must help the government when government is doing an investigation, and never said to what extent government and the companies must help. There was
a case back in that went to the Supreme Court, in New York Telephone, that said yes, the telephone company had to give information to law enforcement. But this was different because, as Apple said in later filings, it would take them between two and four weeks, with between six and nine engineers working on the system, to do that update. That was one piece of it. The other piece of it was about security, and what Apple said, and here I'm very pleased because I was the one pushing this argument, Apple said that then it would create security problems. And that's what I'm here to talk about today.

So during this, through this whole battle, FBI kept saying only Apple can open the phone; the only way the phone can be unlocked is if Apple creates an update that will unlock the phone. I was teaching one day at Worcester Polytechnic; despite the fact that it's spelled W-O-R-C-E-S-T-E-R, it's Worcester. It's one of those oddities of Massachusetts; we have many oddities there, but that's one of them. I was teaching one night at Worcester Polytech and it was a three-hour class. I would take a break in the middle. I looked at my mail and there was mail from the Guardian, and they said, "FBI can open the phone. Did you do it?" I wrote, "No, I'm doing security stuff, but I don't hack; this is not my set of expertise." Then I got, "What do you think about it?" So I wrote something short. They said, "Interview?" I said, "No, I'm teaching, I'll write back later." Then I wrote back later, and then they quoted me. But the point was not what the Guardian had to say but the fact that the FBI had been arguing that only Apple could open the phone, and the only way to open the phone was by putting in this update. And what happened, as has happened repeatedly, is in fact there were vulnerabilities in the system that Apple had used to lock the phone. Big software is hard to write. All of you know this, because all of you know that you are constantly updating your devices because somebody finds a bug. All of you know about things like
the government using hacks to get into systems of air in various ways. So the point was that the FBI was wrong: they were able to get into the phone. It was not a surprise to many people that they didn't find a whole lot of evidence on the phone. They had said maybe there was an 18-minute gap. For this audience I don't have to tell you how funny it is, that 18 minutes; you know, I teach this to undergraduates and they don't laugh. But the point was that they were talking about who else had the terrorists communicated with in that gap where they didn't know where they were. If they had communicated with anybody else, there would have been trails in the cell towers, there would have been trails at the ISPs, and there weren't. So the only information they got off the phone is that they didn't communicate with anybody. That's not useless information, but it was probably not worth the close to a million dollars that the FBI spent on it.

And so what this is about is really about eavesdropping, and it's an argument that's been going on for about 40 years now. It started with telephones and now it's moved to smartphones. There's a big difference between the two arguments. The first argument, on telephones, is really about the ability of law enforcement to listen in to communications that are encrypted end-to-end, so there is a communication key; there's an algorithm and a key. Let me briefly talk. I assume that some of you are actually very sophisticated about crypto and some of you are not, so let me very briefly talk about cryptography.

Cryptography has two aspects, encryption has two aspects: it has an algorithm, it has, let me give you some simple algorithms. The first algorithm is the one that all of you used when you were kids: particularly, the alphabet would be shifted a certain amount. You shift it two letters, the key is two; you shift it four letters, the key is four. Pretty easy to break that, because there are only 26 different keys you can use, and one of them is particularly boring. You can have a slightly
more interesting one in which you take the alphabet and you substitute: maybe you substitute a W for A, a Q for B, a T for C, an L, and so on. The people who have worked in signals intelligence who are in the room will tell me that's not very hard to break either. All of you who play Scrabble will realize it's not very hard to break, because, for example, in English the letter E occurs 13% of the time, so you look for the letter in the message that occurs 13% of the time, or around that; that's probably an E. The next most frequent letter is a T. You can use frequency of letters, you can use frequency of digraphs, pairs of letters like TH, triples of letters, and so on. A trained cryptanalyst can look at a message 25 letters long and decrypt it; that's shorter than the substitution table. But I'm going too far. What I want to point out to you is the algorithm there is substitution; the key is the actual table, what A gets mapped to, what B gets mapped to, and so on.

So I was telling you about end-to-end encryption. End-to-end encryption is when we encrypt my communication from you to me and we're the only ones who are able to listen in and understand anything. Anybody who listens in in the middle can't hear anything except white noise. Only if they're listening in to an extension of my phone, if they're listening in, you know, and they have a bug right by my phone, can they hear. That was the fight back in the 1970s. The more recent fight is about secured devices. They're also secured by encryption, but the fight is about something else: that's about being able to unlock the devices and get the data off of it. And that's actually a serious problem for law enforcement. It's not only that there's a wealth of data on the phone, but we've also transferred a lot of data that we used to have in other ways. You picked up a bad guy and he had a sheet of paper in his pocket, and it was Chris and a phone number for Chris; now that's on the phone. So not only is there a wealth of data on the phone,
but there's some data that used to be available other ways that isn't. So as I said, communications is about end-to-end encryption, and there's a lot of different forms of end-to-end encryption: WhatsApp, which is a Facebook product, Signal, Telegram. And then phones, where the fight is about locked devices. And there have actually been two Crypto Wars. My first book, written with Whit Diffie, came out during, to the end of the Crypto Wars, and we like to feel that we were the ones who helped make it end. And then there's the second one, Going Dark. Now the second one ended, right, the second one started right when the first one ended. So let me tell you a little bit about these two wars.

First Crypto Wars. The first fight was over publication of research. In the 1970s the NSA thought it owned publication of, it thought it owned cryptography. There hadn't been research in cryptography in the private sector, in academia. But as people began thinking about the Internet, and in particular how would two people communicate securely over an insecure channel, I assume all of you know that the Internet is insecure? Yeah, right, you wouldn't be here otherwise. So how do two people communicate securely? When you send your credit card over to Amazon, your credit card number over to Amazon, or your credit card over to L.L.Bean, how do you know that that's secure? Well, you had to set up some sort of encryption system, that you exchanged the key, that even if someone was eavesdropping they couldn't figure out how to decrypt your communication. That was research that occurred in the mid-1970s; a large piece of it was due to my co-author Whit Diffie, for the first book. NSA, or some people at NSA, said this publication is problematic, maybe we should have prior restraint, all sorts of things. That battle ended in the late 70s or early 80s, and there's been actually a comfortable arrangement between the signals intelligence community and academic researchers, and they get
along quite well these days.

In the 1980s the fight was bureaucratic or political. It was over whether the National Institute of Standards and Technology, then called National Bureau of Standards, or NSA should control the development of standards for encryption for non-national-security agencies. This is a Washington audience; you all know non-national-security agencies and what that means. But why is that important? Because the standards that are used for encryption for non-national-security agencies of course make their way into product, into product from Silicon Valley and elsewhere. Silicon Valley sells about 10%, or did then, about 10% of its product to Washington. So any standard that was developed by the government and required as a Federal Information Processing Standard had to go into those machines in order to be able to sell it. Once it was in those machines, if the algorithms were good, if the algorithms were trusted, then other countries, other companies would use them. So whether it was designed by NSA or NIST was going to have very big impact on worldwide acceptance. The battle ended with NIST having control: non-national-security crypto standards are designed, or the standards are developed, by NIST.

The third battle was over export controls, and again it's really nice to talk to a Washington audience because you get the arcana of all these issues. Export controls only control what goes out of the country. But if you're a Silicon Valley or any manufacturer, if half your product goes outside the United States, if there's export controls on strong cryptography, cryptography that's hard for intelligence agencies to break, then you're not going to build two different products. It's very hard to say to Europe, "Oh, you get the weak crypto; we keep the strong crypto here." So the export controls had the effect of limiting the use of cryptography domestically, and then FBI and NSA were largely aligned at that point on the issue. What happened by the late 1990s is you have
Clinger-Cohen, which says the Department of Defense has to buy military communications and computer equipment off the shelf if they possibly can. You have the end of the Cold War, and you also have the development of ad hoc military coalitions. If you go back to the first Gulf War, that's an ad hoc military coalition developed quickly with countries that may not be friends of the United States three or four years later, as opposed to NATO. In NATO you can take time, you can develop secure communication networks, systems, and you don't mind sharing with close allies the ideas you use behind developing the secure communications. But you don't want to do that with allies that are your allies one year and not the next. And so being able to buy commercial off-the-shelf equipment was actually pretty important. Export controls got largely removed in the late, in 91 2000, and NSA was behind this. FBI was pretty upset. So starting in 2000 the FBI began talking about going dark, and it's been talking about going dark ever since, and it says it can't do investigations because it has problems with getting the evidence, with understanding.

So I want to talk to you a little bit about various investigations. That's a photo of Osama bin Laden's house in Abbottabad. One of the interesting things about that house: it was a half-million-dollar house in a country where a half million dollars goes a very long way, and it didn't have any communications systems going into it, no telephone, no internet. That's not proof that bin Laden was living there, that's not a way to find bin Laden, but once you're suspicious that bin Laden is there, that is one other piece of the proof that yes, it really is him.

I want to talk about a bombing plot that happened in the UK in 2005. So July 7th, 2005, four bombs went off, three on Underground, one on a bus; caused a lot of deaths, caused a lot of injuries. Two weeks later, and the bombers themselves were killed, two weeks later there was an imitation plot, and
there were actually five bombs, but one got thrown into a park; the person involved just gave up and decided not to participate. The four bombs, again three Underground, one bus, the four bombs all went off, but only the first piece, that would ignite the bigger one, and then the bigger one didn't go off. So essentially it was a bust.

The UK uses lots of closed-circuit camera television to watch things. This is a legacy; this surveillance society that the UK has is a legacy of the Irish Troubles and has continued with many instantiations, including CCTV. They were able to pick up photos of the bombers and they posted those photos all across the press, and so people identified them. One of the bombers dressed in a burqa; he was six-foot-something, dressed in a burqa, went to the bus station in London, went up to Birmingham in the burqa. Nobody ever noticed or paid attention to the six-foot-tall woman in a burqa. When he got to Birmingham he spent time in Birmingham, and then after a couple of days he stopped wearing, he was outside in Birmingham without the burqa. His photos had been all over England and he was identified. Another pair: one of them was recognised by a family member who told the police; the police figured, you know, went to the apartment and arrested two of them.

The third one was, the fourth one was the most interesting. The fourth one fled to the south of England, then came back to London, got a passport from one relative, got a phone from another, and fled first to Paris and then to Milan and to Rome. The phone belonged to his brother or brother-in-law. The police were tracking it; they tracked the signal of the phone to Paris, to Milan, to Rome. They didn't think they were tracking him, or they didn't know who they were tracking; they just found it interesting to track family members. They have the right to do that. They know that a brother of one of the plotters was living in Rome, so they went to that brother's apartment and found their guy. Now what's interesting about all of this is that
if you had asked people 15 years ago, "Are you willing to carry a radio transmitter with you that reveals your location at all times?" everybody would say, "Are you crazy?" I'd like to know how many people here do not carry a radio transmitter with them. A handful, and it's pretty rare; it's probably been at that.

Let me tell you the third case, which is actually to me the most fascinating. Again it's an old case but it's really quite amazing. Prime Minister, ex-Prime Minister Hariri was assassinated in Lebanon when he was between times of being prime minister, that is to say he was out of office; he was expected to run again and win. And the way it happened: he'd been in an entourage, they'd stopped for a meeting, he was getting back in the car, and then he decided to stop and have coffee. They went and had coffee, started again, and then at some point along the journey they got hit by a truck bomb, and they were, needless to say, he didn't survive, obviously.

One of the investigators looking at the case decided, and this is early days, this is 13 years ago, decided to look at patterns of cell phone usage in Beirut that morning, and discovered very interesting patterns, and then did a pretty long study. The guy, by the way, was killed during the time of doing this investigation, but he'd uncovered enough that people were able to carry it on. And what he discovered is there were five groups, four groups of phones, which he labeled red, yellow, blue, green, I think. The four groups of phones would talk, each group would talk within the color: the red phones would talk within the red, the blue within the blue, the green within the green. The red phones, and I'm making this up because I don't remember which one did what, the red phones followed Hariri; the green phone was with the group that had the truck bomb; I don't remember what the other two did. And there was communication between the different colors, but only one pair of phones communicated between the, that is, only one
phone from each group communicated with the others. The phones were not used for any personal calls; they were only used for this. A couple of exceptions: a couple of times people broke tradecraft and did a call, which helped identify them later. The phones, tracking the phones revealed where the truck was bought, which was, I don't remember which country, it was not in Lebanon. It essentially revealed the entire plot; following the phones revealed the plot.

Now I want to talk to you about yet another case. In 2007 the Securities and Exchange Commission got a tip that there was insider trading from the Galleon Group. They did what the SEC always does: they start investigating at the low part and start building up. But they started talking to the head of Galleon, Raj Rajaratnam, and they conducted their initial interview the way they always do it, which is they asked an important question just before a bathroom break, just before, you know, making it appear like it's completely unimportant. And they said to him, "Who's this roomy81 that you've been," you know, they said, "Let's take a break, we've been working for a long time, let's take a break, but who's this roomy81 that you've been communicating with?" He said, "Oh, Roomy Khan." They went to Roomy Khan. They already had evidence on Roomy Khan, now that they knew who she was, of information she was handing to Raj Rajaratnam. They got her to wear a wire; she taped him. In the end, four years later, they had 35 convictions; he got an 11-year sentence. What was the important piece of evidence that worked? It was an instant message that said, "Do not buy this particular stock till I get guidance."

Now why am I mentioning this piece of evidence? Because if you go back 20 years, we not only didn't carry radio transmitters, our phone calls weren't recorded, we didn't send stuff, or most of us didn't send nearly as much stuff, by email, and we didn't send instant messages. Well, our phone calls are still not recorded, but a lot of our
communications go in ways where they remain. IM stays around unless you delete it faithfully each time; that hadn't been deleted. So my point here is that there are various ways to do investigations. There's no question that end-to-end encryption and locked phones make it harder for law enforcement, but there are alternative forms of investigation that haven't been fully explored or used as much as they should be.

I want to talk to you a little bit about when things go wrong. I don't want to talk to you about this movie, which I assume no one has ever seen; got a lot of publicity but nobody saw it. Okay, okay, and what did you think? Well, you should tell lots of people, to make Sony happy. So what happens: around Thanksgiving, Sony executives get a message that, you know, they have to do something or they will be in lots of trouble. They ignore it; they get lots of spam, they pay no attention. And then somebody goes in and completely disconnects Sony from the world. The machines stop working, email stops working, email starts being posted. People's private emails: they made rude comments about Obama and other people, that gets posted; they made rude comments about studio heads and actors and actresses, that gets posted publicly. Films get released. The North Koreans did it. How did the North Koreans do it? They did it in various ways. They got into systems at Sony and pulled data off machines that shouldn't have been on the machines. They breached people's accounts.

So why do I have a picture of a phone up there? Because one of the things that Sony didn't do was have two-factor authentication on their accounts. How many of you know what two-factor authentication is? Okay, so enough don't that I should talk about it. Two-factor authentication is the idea that you're going to have two different ways of identifying yourself, and they're not going to be on the same device. It might be a password and a little key that you stick into your computer; it might be a password
and a piece of code that you get on your phone, and it has to come to your phone. Now I will give you a piece of advice: do not use, for those of you who understand what I'm saying, do not use SMS as your second factor; instead download an app that does it. Somebody can ask me afterwards, but I'm not gonna go so geeky here.

So let me talk a little bit more about Sony and the mistakes Sony made. Sony didn't realize it was in the bits business. The financial industry realized 40, 50 years ago that bits are money and that they have to protect bits. Sony, I think, still thought of films as something that you transport on canisters. They knew they sent it via bits, they knew it was bits, but they didn't realize that the bits themselves needed protection. Once you think about bits needing protection, you think about all sorts of things. Do the films need to lie on the corporate network? No. Very few people need access to the films themselves; that should be on a separate network that needs more authentication to get there. Once you think about the fact that bits are what you produce, then you think about the fact, how do I protect the bits? Sony didn't think second-factor authentication.

So I want to separate the issues and talk about end-to-end encryption and locked phones, and I want to tell you what happens if you make end-to-end encryption hard to use or impossible to use, or you require that the government have what Comey and others have called exceptional access. So all of you have heard the term exceptional access? Okay, I'll tell you what I think it means, because it's never been fully defined. Law enforcement has been saying, we believe in encryption, we believe in security, we understand that messages have to be protected, but when law enforcement has a warrant we ought to be able to get in, and we want exceptional access. Okay, we want the encryption to be designed in a way that there's access for law enforcement with a warrant. So now I take off this, I put on a
T-shirt, I put on my pocket protector, and I start being an engineer for a little bit, and I tell you a little bit about the problems that exceptional access creates when you're talking about encrypting communications.

Exceptional access breaks forward secrecy. If you have no idea what I'm talking about: so back in the Second World, let me tell you about one more encryption system. It is a perfect encryption system. It works flawlessly, it cannot be broken. It's called one-time pad. Suppose your message is just zeros and ones, a long string of zeros and ones, and your key is also a long string of zeros and ones in some random order. If you and I have the same key, I will encrypt the message by adding, bit by bit, the zeros and ones in the two. So if the first bit of her message is a zero and the first one of mine is a zero, the sum is a zero; if it's a zero and a one, it's one; if it's a one and a one, just adding one and one gives you zero. She has the same key; she does the same thing again. For those of you who don't know, for those of you who don't know the arithmetic, it's really trivial: she adds the key and it gives her back the original message. What makes it work? What makes it work is the original message can look like anything given the key; the key can make it appear to be any message at all. It is a perfect system. The only problem with it is that we have to meet so that I give you, we both have the same key, or there has to be a courier that gives us the same key.

The Soviets were using, during the Second World War, one-time pads, and they had a little bit of trouble getting the keys around, so they reused some of them. That is the Venona project at NSA, which decrypted some of the Soviet communications. They kept the Soviet communications during the war; you know, they listened in on everything. They couldn't decrypt them, they didn't have the one-time pad, but then they figured out that the pads had been reused in occasional circumstances. That's how they
uncovered Maclean and Burgess of the Cambridge Five. Very hard cryptanalytic work done by the NSA; it's called Venona. You can go to the NSA website; some of it is there.

Forward secrecy breaks that idea. Forward secrecy says each message will have its own key. We talk right now by phone and encrypt; we use a key. Then I go do something else. We call again later; we have a different key. I go to a website and they protect the communication; every time you see an S in the HTTP header, it's a protected communication, it's end-to-end encrypted. But if I go to a site and it uses the same key all the time, then somebody could be collecting the information, and then if at some point later they figure out the key, they can decrypt everything I've read. But if we use forward secrecy and change the key with each communication, they may have saved everything, but now they have to figure out the key for each communication. It's much harder. Google, by the way, uses forward secrecy, which means that anybody listening in to a communication you have with Google, whether it's Gmail or Maps or Search or whatever, there's a different key for each communication. Of course Google itself stores the information that you've asked, but you're not trying to be secret to Google; you're only trying to be secret to every eavesdropper. If you have exceptional access, you can't have forward secrecy. The two are incompatible, because forward secrecy says new key each time. That means there has to be the key stored somewhere for someone else to use; it's no longer secret.

Next problem is it breaks authenticated encryption. All of you know how poor software is, and there are lots of reasons why software is poor. There's the rush to market: if you get to market before your competitor, you get a lot more customers right at first and you grow much faster, and often, especially in social networks and things where network, the size of the
network matters, that's important. So there's an incentive to rush to market, grab customer attention. There's the fact that software itself is very hard to design. I'm teaching on Monday a class in which I talk about one system that's proved correct and another system that's proved correct, and the two were used together for 15 years before somebody noticed that there was a problem, because the assumptions over here didn't match the assumptions over there, and nobody noticed that subtlety. There are other reasons that it's very hard to get software correct. In the case of encryption, the mathematics is very rarely incorrect. We have found very few instances where, in a system that has been studied publicly for a while and then fielded, the mathematics falls apart. We found problems with the protocols, the implementations, and that includes that kind of picture I just did with my hands, and we found problems of course with the actual implementation: going from a protocol describing something to actually implementing it, errors creep in.

So one of the ideas we've had in security over the last 20 years is the idea of authenticated encryption. I'm communicating with you; we want to authenticate, so that I know I'm communicating with you and you know you're communicating with me. That uses cryptography. But we also want to encrypt the communication, and one of the things we learned is if we combine those two operations, authentication and encryption, in one step using the same key, it actually simplifies things. The more simple you are, the more likely it is that the system will actually be correct and there won't be errors in the implementation. But if you want exceptional access, you can't combine those two operations, because you can't have authentication if you let somebody know the authentication key; then you're letting lots of people pretend to be you in a communication.

The most serious problem, however, is who holds the keys. Does Apple hold the keys? Does an
agency of the federal government hold the keys? We had this argument 20 years ago. Some of you may remember the Clipper Chip. The Clipper Chip was a system proposed by the US government in which communications would be encrypted with an 80-bit key and the keys would be held by two agencies of the federal government. It never got anywhere. The U.S. proposed it in 1993 and pushed it for a number of years and finally gave up in the late 90s. When I was writing the book with Diffie... what happened... well, let me back up a second. AT&T had been designing a system to encrypt telephone communications. When NSA found out about it they said, don't use that system, which we would have trouble breaking; use this system, where the keys are 80 bits, which is stronger than what you had been doing, but the keys are stored with agencies of the federal government. So AT&T built a device to attach to a phone that people could use to do encrypted communications. Their market, their intended market, was business people, especially business people traveling overseas, who were traveling somewhere where maybe foreign agents would listen in to their communications and then share corporate information with their competitors. So AT&T envisioned selling these things essentially in RadioShack, and I'm talking about two defunct companies. They envisioned selling it in RadioShack. When Diffie and I were writing our book I talked to AT&T; at that point they had sold about 15,000 phones, secure phones, half of them to the FBI, the other half to South America and the Mideast. 15,000 is not RadioShack sales, and I've just described a market that went nowhere. So when you talk about holding the keys, holding the keys is the serious issue, and it certainly sunk Clipper. So why lock phones? Well, some of you will remember when smartphones came on the market, the next thing that happened was muggings of phones: knock a phone out of somebody's hand just as the subway car, Metro car, sorry,
is just about to leave the station, grab it and flee the car. And what Apple did was put in an activation lock and Find My iPhone, and the numbers went way down. But there was theft of data from the phones, and that's more interesting and more subtle. And so what happened there is that Chinese hackers, others too, but the Chinese are prominent in this particular story, found a way to get data off of stolen and lost phones, and they sold the data, because the data was useful for committing other crimes, and they also sold their hack. They actually had videos of how to do their hack. You can't find them on YouTube anymore, but they did exist in the late 2000s. And so that was quite dangerous; it made the phones much less useful. One of the markets that Apple saw for its phones was use as a corporate phone. Many of you probably remember BlackBerries. BlackBerries don't exist anymore, essentially, and the reason they don't, the reason their market share has dropped... sorry, so few, right, and more here than in any other part of the country, and I won't comment about why... but the reason they disappeared is because the iPhones could take their place while also having apps, and that was very useful. But if the data on the phones could be taken off, and if there were hacks that were being sold to take the data off the phones, then Apple saw a serious problem. Apple wanted those phones to go into the corporate market. So what Apple did is they figured out a way to entangle the user PIN with a key on the phone to protect the data. First they did email, and then the following year they started protecting ninety-five percent of the data on the phone through a key that entangled the PIN with the device key. And that's why Apple went to securing the phones. It was not a Snowden response. The architecture and engineering all started well before Snowden; not all of it was implemented before Snowden. It was a four or five year project and it's still ongoing, but
that's why they were protecting the data on the phones. So why lock phones? Well, I've told you about Sony and I told you about not using two-factor authentication, but now let me tell you a little bit more about why not using an SMS. So for a long time the model for a second factor was you got a message from the site to your phone that was a six-digit key, and you put that in the website you were trying to get to or the account you were trying to get to. Everybody following me? Good. Problem with that is, you may be surprised to know that it's easy to get a phone company to switch your phone number to another phone. You call up and you say, I lost my phone, I think my kid took it, and, you know, then he took it with his friends and I've asked him but I can't get it back; or, my husband ran over the phone with the car and I'm so mad; or whatever it is you say. Phone companies are remarkably good about pleasing their customers, and in this case they're too good, because people have their phone numbers switched to a new device. What that means is now the phone call, the SMS message, is going not to you but to somebody else. So here I have a case of a Black Lives Matter activist who all of a sudden found his Twitter account tweeting very favorable comments about Donald Trump. Exactly. But a recent Times story described how this was happening to people who owned large amounts of money in Bitcoin. One of the things about Bitcoin is the transactions aren't reversible, unlike normal banking, and the way the second factor was set up was through using SMS messaging. So what I'm going to tell you about now is a more secure... no, no, no, what happens instead is somebody says, move this money. You know, somebody has already stolen your password, so they have your password, they log into the account, they get the SMS message, they have the two factors to log into your account, they log into your account and they do a transaction.
That's right. So the owner of the real phone starts not getting calls, starts being locked out of accounts and so on, but these guys are so fast, and they may even have a team of people working to do it on various different accounts very quickly before the owner has a chance to respond, in the case of the Bitcoin in particular. So another way to do this is to have an app on your phone. Duo makes an app, Google makes an app, there's an app called Authy. The app on your phone calculates something based on the time, based on the device and so on. Now if somebody steals your phone and can get into your phone then they can get the information on there, but the point is if the phone itself is secure, that's one protection. The other protection is you know when your phone is taken. You don't know if your password is taken; you have no idea that your password is taken until an attack has occurred, whereas if your phone is taken you say, my phone is gone, I've got to do things. So the apps are a much more secure way of doing this. NIST officially deprecated using SMS a year and a half ago. I've discovered looking at the NIST website that they felt deprecated was too strong a word, and I'm not sure what they're using right now, but they certainly prefer apps to using SMS. So now I want to come to something that came out a couple of weeks ago. I was on a National Academy study called Decrypting the Encryption Debate. Most of what we did... we did not say encryption, we did not say the FBI is wrong, we did not say the FBI is right; we said it's a complicated issue. It's certainly true that locked phones make life more difficult. There are other issues about locked phones that I'll talk about in a minute. Mostly what we did is we provided a framework to lawmakers about how you look at the issues, what are the questions you have to ask if you're going to put legislation out. If there's an alternative system that allows exceptional access, how should it be
designed? What will its costs be? How reliable will it be? What impact will it have on commerce? What impact will it have on safety, on security? You also have to ask questions about, can it work internationally? You guys are accustomed to taking your phones and using them in other countries, but if the US has exceptional access and Germany has exceptional access, what happens to your phone as it crosses the border? All of a sudden does the German government have access to the data on the phone? Not unless it's built in in some way. But there are a lot more countries than Germany; there are many countries. How do you do that? And we all know in security that the more complex a system is, the more likely it is to have errors inside and flaws. Once it has vulnerabilities, it makes the system less secure. What I want to mention here is a statement that came out in the Academy study that said if smartphones are used to provide authentication codes, the kinds of codes I just described, in a multi-factor authentication scheme, then any exceptional access requirement to unlock smartphones increases risk that the authentication codes could be obtained from a lost or stolen phone. And one of the reasons that's important to me, it was one of the things that I brought up... I couldn't bring this up, obviously, two years ago at the hearing; the report is two weeks old. But second-factor authentication is critically important for securing online accounts. I said at the hearing, and I can't give you more details than what I said at the hearing, but I said at the hearing that there are various government agencies who have operatives working overseas who use smartphones for the second-factor authenticator, and they want to use smartphones, commercial smartphones, and not some special gadget, because a special gadget marks them; a smartphone does not. So when we talk about this issue we're not talking about security versus privacy, we're talking about
different views of security: about security and enabling investigations, and security and securing our accounts and securing our identities. So I want to give you a short history lesson, and I want to talk about the Communications Assistance for Law Enforcement Act, CALEA, which was a law that was passed in 1994, when parts of Washington thought the digital move was going to be towards digital telephony and didn't really see the internet coming. And the law was passed because the FBI was really worried about its ability to wiretap. And now when I describe the particular kind of problem it sounds arcane and sort of silly, but it's always hard to foretell future technology. The way a wiretap works... I mean, you've all seen the 1930s films, or pictures of the 1930s films, where somebody's standing with earphones in the basement of the apartment building. By the 1970s it had changed, and what wiretapping consisted of was putting a tap on what's called the frame. The phone lines, the physical wires, would come into the phone company, 6078, 6079, 6080, 6081, and you put a tap right there. By 1994, actually by the late 1980s, we had what was called advanced phone switching technology. Call forwarding: it's hard to imagine that call forwarding was advanced, but in the late 1980s it was advanced, and call forwarding means that the call doesn't go through the switch where the wiretap is; it stops at the switch and it goes somewhere else. And so the FBI was very concerned about these kinds of problems, and it said it wanted capability to wiretap built into the switch. Now if you think about it for a moment, when you build capability to wiretap into a switch you're potentially affecting the security of a lot of people, not just the person you're trying to tap. When the FBI got this bill passed there was a lot of turmoil between them and the phone companies. There was 500 million set aside to update; that was well short of what was needed;
there were lawsuits and so on. I want to go in a different direction, which is that the FBI works with fellow law enforcement around the world. They convinced Europe to pass a similar requirement, and my history lesson concerns Greek Vodafone. Greek Vodafone had bought a switch from Ericsson; this is by now 2004. Greek Vodafone did not want wiretapping capability built into the switch, so the switch they bought didn't have wiretapping capability built in. Then the switch got updated, because, you know, it's electronic, updates come in over the wire. Switch got updated, wiretapping capability got built in, but Greek Vodafone had not paid for the wiretapping capability, so the wiretapping capability was not supposed to be turned on. And furthermore, any time you have a wiretap you also have auditing capability built in. You have auditing built in so you can tell who's wiretapping, how long, what they're doing, get authentication and so on. Well, Greek Vodafone had not paid for the wiretapping capability, so there was no auditing capability built into that switch. Somebody went in and turned on the wiretap. I don't know who. There are lots of suppositions; in fact it may be that the first person who spoke in this series spoke about those. But what we do know is a hundred senior members of the Greek government were wiretapped between 2004 and 2005. The wiretap was shut off when the switch got updated and suddenly some SMS went awry and Greek Vodafone began investigating the wiretap; everything stopped. But one hundred senior members of the Greek government, the Prime Minister, the head of the Ministry of Defence, the head of the opposition party, the head of the Ministry of the Interior, ten months. The messages were wiretapped and sent to sixteen cell phones in Athens. I'm told that there are other instances of CALEA-like and CALEA capabilities being used to wiretap, and I was told I could say that during the hearing, but that if I was asked for details to tell them to talk
to the Fort instead. So I can't tell you either, because I don't know the details. But my point, however, is you build surveillance capability into infrastructure, you weaken infrastructure and you create an opening for other people. So how would police investigate if end-to-end encryption and secure devices were by default the norm? Well, I talked to you some about metadata. It turns out that the thing that bad guys do, of hacking into devices, the police and law enforcement can do too. What they can do is get a warrant, a warrant to get into your phone or your laptop and figure out which operating system you're running, which version of the operating system you're running, which applications you're running, which versions of the applications you're running, and then run it against a list to see if they have a vulnerability that they can then exploit to get further information off your device. They have to go back in with a second warrant. It's never been fully worked out in court if they need two warrants; they've been playing it carefully and doing exactly that. They've been doing it actually since the early 2000s. It's an expensive way to go. It's much more difficult than just straight wiretapping, and often vulnerabilities get fixed; sometimes they get fixed faster than law enforcement would like. It is sometimes a one-off solution, but it is a way to get in when content is really important. There's also many other ways to get information. I was talking to Palantir in the course of writing this book, and one of the things that Palantir told me is that they were working with law enforcement in a situation where law enforcement had a warrant to follow somebody, so they were following them partially through automated license plate readers, partially through cell towers, and in the process of following them... notice, of course, that that's much cheaper to do than doing it by having a team of detectives switching cars and team on all the
time, much, much cheaper. In the course of doing that following they noticed that there was a second cellphone appearing in all the towers simultaneously. They found a second bad guy. This is the kind of use of technology that we didn't have twenty years ago. Our technology enables us to discover all sorts of things that wasn't possible to do or that was very expensive to do. So how would police investigate in a period of going dark? They need to retool to become investigative agents in the digital age. I've spent some time talking to law enforcement over the last five years, and often I hear statements like, it's too hard. I heard a statement a couple of years ago in which the law enforcement agent was saying, if we get the communications data, the to, from, what time a phone number was used, from one company and we compare it with another company, they're in different formats; it's hard to use. That's the kind of computer science problem that when I mentioned to my class a couple of weeks ago, and I had a group of undergraduate computer science majors, I said, how hard is it? They all grinned and they all said, yeah, freshman, sophomore year. I'm not trying to make fun of law enforcement, because they're very dedicated people, they put their lives on the line. There are a number of very high-quality tech people in there; there simply aren't enough. They haven't done the retooling that they need to do. Assume that all investigations have a digital component and retool accordingly. What are the problems? And enhanced corporate outreach to industry. I was in Silicon Valley a few weeks ago, and Silicon Valley told me about... I'm not going to mention the company or the particular type of crime, but it's a crime that law enforcement talks about a lot as being of concern to them, and if there's encryption they can't get at it. This company said to me, look, we can figure out some people are doing this because the communications pattern gives it away, in the same way
that the communications pattern of the terrorist group around Harare said something funny was going on. If they had been looking for interesting communications patterns they would have said, this is a funny pattern, this is not a start-up or a rock band, this is a funny communications pattern. This company said, we can see this communications pattern is funny, and sometimes we go to law enforcement and they follow up, they start investigating, get enough information to be able to get a subpoena, a search warrant, and take out the problem, investigate and prosecute. But sometimes we go to them, they say, we're too busy. It's exactly the same cases as law enforcement also says we can't investigate. So there's a real problem here, that when I say enhanced corporate outreach to industry, enable the outreach to actually net solutions. When I talk about it's too hard: New York City has set up a digital forensics lab, with a hundred people. They did it a year and a half ago. That's great. They're investigating credit card fraud, they're investigating all sorts of things. But New York City is one of our biggest cities in the country. New York can do it, Chicago can do it, Los Angeles can do it. Springfield, Mass. can't do it, Charlottesville can't do it, I don't have to go through... Tampa can't do it. They're all too small. This is a problem that needs the feds to enable information sharing with state and local on a much better basis. There is a little bit of outreach. So there is NDCAC, national digital assistance blah blah, that talks to them about, this company does communications metadata that way, this company does it this way, this is how you request it, and so on. There are 15 regional computer forensics labs. The 2016 report says they did 6,000 investigations that helped state and local. That sounds great until you discover that there are 15,000 state and
local police forces in the country. I don't have to do the arithmetic for you to figure out that's completely inadequate. There needs to be much better capability sharing, there needs to be much more money. Crime has moved online but our ways of doing investigation have not. And so my last point is more funding. Why encourage cryptography's use? Well, we have unpatched systems, we have long-term attacks from nation states, called advanced persistent threats, that was what went after OPM, Deloitte, and we have of course zero-day vulnerabilities. None of these will encryption fully solve, or maybe even partially solve. If you have a vulnerability that the manufacturer doesn't know about, the bad guy is going to get in. But we have a different set of threats, and I want to talk to you first about Climategate briefly and then about our different set of threats. You probably don't remember: in 2008 we actually believed in climate change. I mean, that sounds... I didn't mean it as a joke, it was true. The House passed a major bill, and then what happened is there was a leak of mails from a research unit at East Anglia University in the UK. You guys all do email; you know how flippant, how you make sarcastic comments, oh, maybe I'll spin it this way, when you know you have no intention of spinning it this way and you're going to tell the straight story. We're very casual in email. The result was these mails were leaked and the UK papers had a field day, but so did the US papers, and they went around saying things like, look, these scientists are lying, they're exaggerating, they're making up data, they're making up a story. By two years later 57% of Americans believe that climate change is real; it was... furthermore, there was a nine percent drop in trust. Now when we look at what's happening in the United States... I want to do one more example, and this is from Citizen Lab in Toronto. I want to show how reports can get tainted and then talk about the threats to the US.
Citizen Lab is a group out of the University of Toronto, and they looked at something that happened to the American journalist David Satter. He was preparing a report for Radio Liberty. This group probably knows what Radio Liberty does, yes? Yes? No? Radio Liberty broadcasts news from the free world to the rest. It's been around since the Cold War. Satter was preparing a report on Radio Liberty's investigative reporting. Some hackers went in, they took the report, they changed the report, so you can see the lines, this is all out of Citizen Lab, they changed the report so that it was not about Radio Liberty's investigative reporting but about the U.S. supporting investigative reporting by Russian activists. They made it appear that that's what Satter was doing. The point is not what is Satter... the point was that the Russian activists were now being funded by the Americans. That's a kiss of death for them in terms of their trustworthiness within Russia and the Russian population. These tainted reports were then published on certain websites. The interesting part is the hackers were not as good as they should have been, so they had versions of the reports published. How did they get into Satter's email and accounts? The usual way: sending him a message, that he clicked on a link by mistake and revealed, you know, password and so on and so forth. This is the kind of disinformation attacks we're up against. Now if I think about the ODNI report of a year ago, you guys probably focused on what it said about, we assess Russian intelligence collected against the U.S.
primary campaign. I focused on think tanks and lobbying groups viewed as likely to shape US policies. You guys live and work in a very rarefied place in the United States, and you have many more connections to the legislative process, through neighbors, through friends, through work and so on, than most of us do. In democracies, civil society connects us to our legislators. They tell us what the legislators are doing and its impact on us, and they transmit our ideas and our concerns back up. Some of us write to them, but more often it's done through something like Sierra Club or Greenpeace. There are various aspects to a civil society. American Cancer Society produces reports and advice, the National Academy of Sciences produces reports, the PTA is an interface between parents and schools, the Southern Poverty Law Center, you know all of these. Now if I think about Southern Poverty Law Center and Planned Parenthood, I have no doubt that they have set up their systems to secure themselves against attacks from enemies, but they're not thinking of attacks... they're thinking of attacks from right-wing people in the United States; they're not thinking of nation-state attacks from outside. Ditto for Sierra Club, Greenpeace and so on. That's of course true. What's the effect? Suppose a report by the American Cancer Society is wrong by 10 or 20 percent on the incidence of cancer, or 50 percent on the incidence of cancer from a particular chemical. What happens to the trust in the American Cancer Society if it happens not once but twice or three times? What about if some discussion in a committee report in the National Academy of Sciences is flippant in the same way that the Climategate report is flippant, or that the data and the report gets changed in the last copy before it comes out, and trust in the National Academy of Sciences goes down? What happens? You've seen the types of attacks against Planned Parenthood in the fake videos, but what if it's internal stuff
that appears to be leaked and is done better than the tainted leaks one was done? So these are organizations, some of them have more money than others, but most civil society organizations run shoestring budgets and they don't have technical expertise. Is that something that, and I want to say the Soviets even though I'm supposed to say the Russians, is that something that the Russians are liable to go up for an attack? If you go back and you look at the history of the Russian state, 1917, exactly that: they went after civil society, because destroying civil society makes people have to listen directly to the state; there's no barrier in between. You can think about the Soviet Union's response to Pope John Paul, because they knew that would affect politics in Poland substantially, and did have a large impact. When the Soviet Union took over the satellite states in Eastern Europe after the war, yes, they assassinated potential political leaders, some of them immediately in the end of the war, in the two-year period right after, but the other thing they did is they went after civil society. They infiltrated civil society with communist leaders and essentially destroyed civil society, so that there was a space for them to change the governments. And so we have a domestic threat here in addition to all the commercial threats we've had in the past. The going dark debate is not about security versus privacy, even though that's the way the FBI has been framing it. It's really about the efficiency of law enforcement investigations versus personal, business and national security. And so I think that there's a strong argument to be made that we haven't been supporting law enforcement in the way that we should. I don't think they've been asking for it. I don't think they've seen the digital revolution coming in the way that they should have. But I think that there does need to be substantially more funding there and training, and there's going to be a transition period that
needs to happen. But when we think about the encryption debate, it's about efficiency of law enforcement investigations versus personal, business and national security. It's really a debate about security versus security. And with that I'll take questions. [Applause] Thank you. I think people with mics are in charge of who's doing questions.
So could you address the reports on NBC last night that six states were penetrated, their ballots, their election systems were penetrated by the Russians in 2016, in the sense that if you think law enforcement is fragmented, federal elections are 50 times replicated, each system is different. Could you just address some of these?
So I didn't see the report last night so I can't address the report directly. The computer security community has been talking for a long time about the weaknesses of the electoral system and not been getting any attention until about a year and a half ago. There are a lot of problems, excuse me. One of them is that there isn't federal control of the voting system; it's done by the 50 states. The companies that make the voting machines do not follow good security practices. There's a pile of papers, I don't want to say how high, but it's high, on the vulnerabilities within the voting systems. My understanding... so I didn't see last night's report so I can't comment on that. My worry right now would be more centered on the voter registration lists and the attempt to manipulate who comes to vote and in effect who is on the registration list, because the registration lists are online. The machines themselves are not online, and that's partially because the computer security community has been fighting it for a long time and saying it's insecure. But I can't give more of a comment on that yet. Do we have a serious insecurity there? Absolutely. I think the bigger insecurity is create distrust in the voting system, and that's one of the pieces that
the Russians are undoubtedly doing.
Do you have an opinion on products, whether it's hardware or software, that are coming from China, for the most part having backdoors built in?
Yes, but... I mean, there's no question that they do, and testing these products is really hard, and so it's a very nerve-wracking situation we're in. And this is not my expertise so I probably should stop there. We have found case will go on permanent to, but we have found cases where they are calling home and saying things. I don't know what DoD is doing; I suspect it's not doing nearly enough in testing. And we've gone from a situation... I mean, this is part of an economic issue, that we've gone to a situation where going digital made everything cheap and we didn't consider the costs in terms of security. It's the same thing that we've done with the environment. We did certain kinds of, you know, mining, industrial processes that had long-term costs that we didn't think about. Some of them we're paying for now, some of them we're not. And I think we have the same transition here. But to the extent that we've lost the industrial base, that's seriously problematic. I can't give you more detail.
I don't know if you heard about this guy, I think he's a professor out of Silicon Valley, who talked about the infopocalypse and how everything now, our reality is so influenced by things like bots, and how on Twitter, Facebook, everything, your reality is kind of almost augmented, and how there will soon be a reality apathy. I wonder if you could comment on that at all. I don't know, feel for you to tell me I'm sure that making sense.
So my experience comes from the following. I worked at Google briefly, but I live in western Massachusetts, and I'd worked at Google for all of a week when I flew home for Jewish holidays, so I flew, saw my mother, and then took the train up to New Haven where my husband picked me up, and as we're going out of
the parking lot he hands me a ticket and says, I think it's a couple of dollars, and I said, boy, I've been in California a week; nobody would ever do it this way, with a tollbooth person and some money. And that was one shock. Now I teach in Tufts and I split my life between these two places. Every morning that I'm in Western Mass I take my dog for a walk in the woods. I'm aware that Western Mass is really different from Boston and that Boston is really different from Silicon Valley in terms of exactly the issue you're talking about, and I think it's seriously problematic, but I feel like it's outside my expertise to talk about it too much. To the extent that the young people have their connections electronically instead of in person... you're making little nods as I'm talking to you to tell me that I'm telling you the things that you're interested in. That's useful. I mean, if you think about when we sit in a car and we drive, we can drive perfectly safely talking to the person next to us as long as it's not an agitating conversation. We can't do that with a phone; there's a higher rate of accidents. Why? Because I'm not getting those little nods from you. Even though you're next to me in the car and I'm not really looking at you, I'm driving, I'm still picking up all the clues that we use. And to the extent that we're losing that personal connection, and especially the younger people, that's seriously problematic. But how problematic, what the costs are and so on, is more a sociological question than I feel equipped to answer.
Hi, I was wondering if you had any comments on the idea of police using parallel construction cases, in the idea that they would, you know, acquire information by some illegal wiretapping and then arrange a convenient traffic stop or something like that so they have a legitimate...
Right, right. So that happened actually in LA. A drug dealer got picked up; he made a left turn without a signal, and police popped open the truck
and found drugs, and his lawyer said, "That's pretty unusual," and discovered that the Los Angeles police had been wiretapping four years before California had a state wiretap law. I believe in rule of law, and when you talk about parallel construction, that's not rule of law. I don't think I have more to say.

Do I understand that you're suggesting that we not text directly through the texting but through a different app that you could get up, for example, on Google?

OK. I tend to clean up my mail a lot, because like everybody else I tend to be flippant, and then I say, "Oh god, what if somebody broke into my account and saw this?" I don't want that there. My husband has a Gmail account, and although it bothers me that all the mail is stored forever, when I write him, you know, if I want to send emails, I have to send it through his Gmail account. So periodically say, "Please delete this one right away, and mark it delete forever." We all make trade-offs about how we want to do things, and I do certain trade-offs in using privacy-protective technology. Because I teach privacy at Tufts, and previously at Worcester Polytechnic, I can't effectively teach it unless I also experience the pain involved. I delete things, or I have things inaccessible because they've been private, privatized in one way or another. I want to feel that pain to understand the trade-off. You have to decide how important it is to you to protect things. I delete all my text messages automatically. There's no reason for me to save them. I don't keep my phone calls, I don't record them, so I just delete my text messages. Just use text messaging on the phone. I don't do anything fancy. But WhatsApp does it in a different way, so you could certainly use that. I, however, don't have a Facebook account, so I can't.

Maybe this is not your area of expertise, but what will we do, especially living here in Washington, when we hear that, of course, the president United States denies that the Russians, or maybe he's coming around
recently, and when they asked the head of US Cyber Command, testifying before Congress, if he's been directed to look into the Russians' involvement, he said no.

Yeah, I mean, that is way above my pay grade, and I was really struck watching Rogers, because he was careful with his words but his hands gave him away. The level of agitation in his hands was just extraordinary. I mean, I don't know it, but as I said, above my pay grade.

Wonderful talk. One thing I've always wondered about in terms of voting: if you have an ATM card from a bank, you can go to any branch and do business, but with voting you still have to go to a single polling station. So why hasn't the, would voting be more secure if you could, that you had the same kind of technology that ATMs have, or even actually doing, be able to vote at an ATM, through an ATM network?

So the voting has this problem, which is we don't want people to sell their votes, so we don't want people to be able to record their votes. We don't want a connection between the voter and their vote, and that's the technical problem behind voting and why voting is complicated. So all these moves, like out in Oregon to vote by mail, are great in one way and bad in another. They're great because they encourage higher rates of voting, and they're bad because it's easier to show your vote. And so that's the answer to your question.

Thanks. I have two questions, if I may. The first is why does a vulnerability in a software lead to hacking work, and the second would be, are you Skype and I use text messaging, or all these encrypted?

OK, so why does the vulnerability: when there's a vulnerability, there's a way the program doesn't work right. Sometimes it can be exploited to make the program do something else. You can, for example, if the program has something called a buffer overflow, where a piece of content overwrites another piece, sometimes you can then use that to give new instructions to the computer to do something it wasn't
supposed to do. But it's hard to explain without actually sitting down and showing you lots of examples. Encrypted: it depends on which text messaging program you're using, and I'm not gonna be able to tell you yes to this one and no to that one, because I don't keep the list in my head. Skype is encrypted. It used to be, long, long ago, before Skype was bought by Microsoft, that the communications went peer-to-peer. Now they're more centralized and more capable of being wiretapped. I don't know how Microsoft handles the keys, and so I can't tell you more about that. That's not public information. Again, you know, so there are various go-to places. Right now Citizen Lab has set up a very nice website on what do you need to protect: are you an average citizen, are you a journalist, are you a journalist working in a particular type of country that's more dangerous, or a human rights worker, what kind of devices do you use, here's what you should do. And they are promising to keep it updated. Alas, Electronic Frontier Foundation used to have such a site but hasn't kept it updated, so I would go to Citizen Lab and look at what they're suggesting.

I had a question related to the Hariri. You said the guy that was investigating and found the pattern with the cellphones was killed. Was that related to an investigation?

It appears to be. That whole story, The Times Magazine had a wonderful description of it. It's called "The Hezbollah Connection."

Two quick questions. Does US customs still have the right to require you to provide the password to open your phone or iPad when you come back into the country? This happened a few years ago in Houston, you may recall. And then second,

Let me do the first one first.

Sure.

OK, so they're not required to ask you for a password, they were, but they are, they're not allowed to ask you for a password as far as I know. They are allowed to ask you to open your laptop or cell phone, which is a slightly different statement. I don't think they
can ask you for the password, but they are allowed to require you to open it, and that's because you have no Fourth Amendment protection outside the borders of the country. So I actually was coming from Vancouver down to Seattle by train ten years ago, and they asked me to open my laptop, and there's a file marked "surveillance," as I said, "Why is that?" and I said, "That's what I do." I happened to have a copy of my previous book in my bag, and they stopped there. But I always thought, gee, I would love to be able to tell this story in front of a good audience. You're the right audience. There are bills up in Congress about not having that requirement, but as far as I know that hasn't gotten anywhere.

So they can borrow your iPad or iPhone and take a picture of it and return it to you?

That's right. I mean, there are things people talk about doing, moving all the data off the phone onto the cloud while you're crossing borders, and so on and so forth. And the other point to make, of course, is if you're going outside the country, then there are places where you do not want to carry your own device.

Mm-hmm. Well, that's a different question. The second question is, is the banking system, is the electrical, the electric companies who control the grid, taking steps to avoid cyber intrusion which could disable them?

Yes, and probably not enough. Banking industry has been aware for 50 years the bits are money, and they've worked to protect that. On the other hand, very weird story out of Indonesia, was in Indonesia a few years ago. The SWIFT banking network is what enables banks to transfer money across the world, and they have good security. They always assumed that the banks that were logging into them had good security at the logging endpoint, that the banks themselves had defined good security practices for connecting. Turned out not to be true. And so a bank in Bangladesh did not require second-factor authentication. There was a whole series of transfers for huge, millions of dollars over a weekend.
Some of it got caught because there were misspellings, but I think there was 81 million dollars transferred in Indonesia, of which they got back all but 16 million. But that's when SWIFT said, wait a minute, in order to use the network you also have to have secure authentication, which is defined by the following. But sort of, they had viewed their role as just being the pipe, and they were gonna have good security on the pipe and not on how people connect to the pipe, assuming that the banks themselves would figure that out.

On the power grid: in December 2015, three Russian, three, or, Ukrainian power distribution companies were attacked within a half hour of each other, and the power systems went down, and went down for about six hours, affecting quarter of a million people. What had happened, to the extent that we're able to deconstruct it, is there'd been an attempted hacking of six power distribution companies in Western Ukraine six months earlier. The usual kind of thing: somebody got a piece of mail, they clicked on an attachment that loaded down malware into the machine. The three power distribution companies that were attacked all had slightly different ways of doing power distribution. And so this was, when you talk about attacking the power grid, one of the things people will tell you about the power grid is you can't bring down the power grid easily. The power grid, you know, bringing down one company, bringing down Sony, is really different from doing a simultaneous attack that happens, blah blah blah. But these three were brought down within a half hour. What appears to have happened is the hackers got in and then spent time experimenting elsewhere on the systems in order to be able to figure out how to bring them down within a half hour of each other. So we're talking about a place with not teenagers sitting on a bed playing on a laptop. We're talking about nation-state capability, and we all know exactly which nation-state it is. And what happened is, the second
part of this story is, so, the hackers got into the corporate network. There was not a required second-factor authentication to get to the power distribution networks. They're separate networks, but there's some links between them, but there was no requirement to do a second-factor authentication to get to the important part. You shut down the corporate network, we, shutting down the power distribution network is the important part. They didn't have that second-factor authentication. That's second fact out of this story that's important to know. Third fact out of the story is the Ukrainians were then able to put the power back up within six hours because they had a lot of physical backup things. When the electric boxes got fried, they had other ways of getting to it. That was a message that DHS has very much taken to heart. At first they dismissed the attack, and then they said, wait a minute, no, there's something serious and there's something we need to learn. So in the course of doing research for the book, for Listening In, I really did some reading about power distribution companies and discovered that we have lots of large ones, but we also have lots of small ones. So for example, near me there's the Holyoke power distribution company, with 17,000 customers. Can that one go down from an attack like this? I'm sure. But does it really matter? It matters to the 17,000 people in Holyoke, but it is not the same thing as bringing down the northeast grid. So I would say that we have some lessons learned for Ukraine, but we're not as far along as we ought to be. But there's actually, to get back in part to your question, we haven't figured out how to respond to cyber attacks. We don't know what the right norms are, we don't know what the right responses are, and we haven't figured out how to respond to information warfare. Some of that is a problem that comes from the very top, and in terms of the last one, and not recognizing that it is an attack or not being willing to admit it
as an attack, but the rest of it is we haven't figured the other pieces out.

Long before that, if one was to set up on a virtual private network, which I seem to see a lot more about, does that do anything to enhance

Sure, that protects you. So you're in a hotel, you're at a coffee house, it protects your communications from you to wherever you're trying to go, because you trust the end point of Virtual Private Network Tim edibles then send get away you want to go. It doesn't protect you against any hack at the other end. It doesn't protect you against a spear phishing attack and so on. It's one form of, because you'll get a piece of mail and you'll open it. And so it's one form of protection, and the problem is that there are various complexities and various types of attacks that you may suffer. Sorry. But the other part of it is trying to think about who your threats are. So for a long time I thought my threats were like many people in the room, not the people who've done intelligence work, not the people who've worked at State, but a normal person, normal citizen. I wrote a piece about the Russian hacks and them going after civil society. Before I did that, I said to my husband, "We need to change how we protect certain things." I think I've now elevated my level of, you know, I know I don't think I'm really important yet, but I think I've elevated. And I think that's partially, it's the answer that when you live on a suburban street you want your door lock to be as good as everybody else's, unless you have a Picasso on the wall. Then it changes; your threat model changes.

No, no, we, well, if you ask the Iranians, we certainly had intentionality in Stuxnet. I was surprised when Obama described the Sony attack as a national security threat. It seemed to me, I mean, my goodness, they went after a movie company, how is that a national security threat? But then I thought about it more and decided he'd made the right call, because it was a nation-state going against something
within the United States, and that was the appropriate call. I don't know what we did in response; that was not made public. We certainly, if you listened to Cyber Command, we have great capability. If you look at the slides that Snowden disclosed and that others have disclosed since, we have great capabilities. I don't know how much we're choosing to use. I do know that our capabilities are one of the reasons we haven't been willing to sit down at the table and negotiate about what norms should be and so on. That's one set of things. But another set of things is information warfare is not something we've ever experienced before, and this president complicates all of that discussion. But this president aside, the thinking hasn't happened before about how to handle it, and that's come, you know, so we could say to the actors, we will view this as an act of war, we will view this as as threatening as going after critical infrastructure. But we have to make that leap, and we haven't done that. And that's a saw aside from recognizing it is a serious problem. It's OK, it's a serious problem, but what is the right set of steps? What's the escalation dynamics that you do? We haven't done that either. Part of it is, if you think about cyber, cyber did not make it onto the worldwide threat assessment on either until about 2010, and it's been at the top. So that's something the U.S.
does. It's been at the top the last few years. So that means that whether you talk about voting, and the state election officials just didn't pay any attention to the issues that the computer scientists were raising free, or you talk about cyber as a threat, the political scientists weren't heavily involved until the last few years. And part of that discussion comes from political science. It's not a computer science discussion. And thinking about, well, how do you deal with this new kind of weapon, which is partially against the civilian infrastructure, not civil infrastructure but civilian infrastructure.

All right, this is our last question.

Oh goodness. This is not as wise the question is some of the other it won't be that was an answer later so we're even. So you've mostly focused on smartphones as the access vehicle. I was recently on, traveled down in Texas, and someone broke in my car and stole my laptop. I had my smartphone in my own personal pocket. So the question to you is, what is the degree of vulnerability of laptops relative to what you've taught us today about smartphones?

Just the same, and in fact, and iPads, and all of them. In fact, when you hear law enforcement talk, they will use the word "mobile devices," and they want exceptional access to mobile devices. We all hear "phones." They don't say phones, they say mobile devices, and they really mean laptops on down. But the vulnerability is the same. The difference is that we entrust different kinds of information to them, and laptops don't typically act as a second-factor authenticator. So we have much more on the laptop, but it also doesn't act as a second-factor authenticator, which would enable people to get into your accounts. And I'm sorry to leave you with such a dismal piece of information.

Susan, you are noting that that is dismal. You are a fascinating storyteller.

[Applause] [Music] [Laughter] [Music]
Info
Channel: IntlSpyMuseum
Views: 14,420
Rating: 4.6666665 out of 5
Keywords: Cybersecurity, Security, Listening, spies, spy, digital, Google, privacy, digital security, International Spy Museum, museum
Id: 9TMeGOrghO0
Length: 90min 30sec (5430 seconds)
Published: Mon Apr 23 2018