Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Insecurity in Finnish parlament (computers)
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 27 Dec 2004 09:10:14 -0600

The NSA has bigger fish to worry about than Finland. =) Sorry

-----Original Message-----
From: full-disclosure-bounces () lists netsys com 
[mailto:full-disclosure-bounces () lists netsys com] On Behalf 
Of Markus Jansson
Sent: Sunday, December 26, 2004 10:17 AM
To: James Tucker
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Insecurity in Finnish 
parlament (computers)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 26 Dec 2004 06:34:24 -0800 James Tucker 
<jftucker () gmail com> wrote:
The only charge appropriate for this case would be what is 
informally 
known as a 'gag order' and will require that you disprove 
under a court 
of law all statements made by Mr Jansson. In fact, you will have to 
prove that Mr Jansson's comments are causing you loss of revenue or 
damaging the overall reputation of your organisation through false 
claims.

Heh, I dont believe there are such laws here in Finland. If 
we where talking about private enterprise or individual 
person, it would be possible if its clear that Im lying and 
causing great damage.


Items 1 to 9 on the list would suggest physical access to a device, 
this is likely to have been contradictory to law.

Perhaps, if you think that *I* got access by using illegal means.
Then, ofcourse, someone would have to prove that and if they 
dont, well...


It is also possible, that he has had only limited access to one 
particular device, this would not be conclusive and may not 
be a true 
representation of the state of affairs of all devices owned by the 
Finnish government.

It is unlikely that all the computers have the same security 
holes for many reason, but I have gotten confirmations from 
several computers/users that atleast most of the issues I 
have described exist in most, if not all, computers.


Item 10 negates the likelihood of physical access, this would 
contradict the above and would seem to make the story inconsistent.

Maybe I didnt (if I did infact myself) have means to access 
everything in those computers...  ;)


Item 12 describes a well known problem, however this cannot 
be fixed by 
the users of the system.

Oh yes, they could and should move from TeliaSonera to Elisa 
for example, that uses secure COMP-128-3 and A5/3. Its been 
years and years since this security hole was shown first so 
they have had plenty of time, but they just dont give a drek 
(both in TeliaSonera and in our parlament).


Furthermore item 12 describes a scenario which simply is not 
realistic. 
Whilst the encryption algorithms in use may be crackable in 
near real 
time on a modern computer,

A5/1 is crackable IN REAL TIME.
http://www.gsm-security.net/faq/gsm-a3-a8-comp128-broken-
security.shtml
http://cryptome.org/gsm-crack-bbk.pdf
http://www.gsm-security.net/faq/gsm-a5-broken-security.shtml


dissection of the modulation scheme and isolation of a 
single device is 
most certainly NOT possible with a single laptop.

Ofcourse you need few additional tools for that, but the 
point is, that the security of the system is broken.


Most likely there are no civilians in Finland with the resources to 
actually carry out the attack described.

Some civilians do have. However, Finnish people are so 
uninterested in politics that they really would bother. ;)  
But other goverments and intelligence agencies would surely 
be interested and willing to wiretap and listen.


Item 13 has more implications than have been considered and would 
require more than a little insider knowledge to pull off the attack.

Perhaps. The issue is, that it can be done and they should 
protect themselfes against it.


In terms of civilian liability this method of attack is absolutely 
absurd. It would require co-ordination from several places and a 
significant knowledge of existing infrastructure surrounding that 
geographical location.

That sort of information is easily obtained. No co-ordination 
is really required, just put up a false GSM base station next 
to our parlament building with a strong enought signal and voila!


Such hard work is rarely necessary, as it would make more 
sense to just 
knock out the government worker and steal their laptop With a good 
getaway plan this would take far less time, and not cost hundreds of 
thousands of dollars.

True, that attack is more potential especially since the 
laptop HDD:s are not encrypted (as they should).


We are discussing government security here, but if there is 
something 
occurring that would concern the NSA or MI5/6 then 
encrypting your GSM 
comms will be the least of your security concerns.

I was under the impression that NSA etc. spy for their living 
anything they can. I bet members of parlaments and their 
assistants are very good targets.


Firstly it would appear that Mark is a common sensationalist.

Argumentum ad hominem. Red herring.


Having taken part in quite unscientific objections with members of 
Greenpeace for a start.

Argumentum ad hominem. Red herring.


Tetra security for example is
claimed to be useless on his site, but once again his lack of 
understanding of Radio Frequency eavesdropping shows a clear lack of 
knowledge in this area.

Red herring.
Useless blahblahblah. Please clarify. Give proper arguments. 
As I sayed, TETRA might be backdoored for NSA as sayed by EU, 
and TEA algorithms are not open and tested for security, so 
there is no point on trusting them. Please tell me what is 
incorrect in those two arguments of mine.


Another clear example of his sensationalist attitude without proper 
understanding or thought is in his discussion of SSH 
security, where he 
claims that authentication keys are useless because they cannot be 
known trusted during the first connection instance (or maybe he just 
hasn't realised you should save the keys during a build??).

Argumentum ad hominem. Red herring.
Dont try to put words into my mouth. I clearly say in my 
pages:"Unless you can receive the publickey or the 
fingerprint of the publickey used in some secure manner." And 
this is absolutely true.


Common reports of Man in the Middle attacks being possible are not 
understood either.

Red herring.
Not only possible but very real and easy to do.


As shown by the idiosyncratic inclusion of a key fingerprint on the 
same page as his PGP key links (for added security!?). If someone 
wanted to sit in the middle, would they not change both the 
key and the 
fingerprint reported?

Argumentum ad hominem. Red herring.
My key is available from various locations, and so is the fingerprint.


There are so many 'bits' that you simply could not filter 
all of them 
using standard electronics.

Red herring.
Actually it sayes in my Finnish pages "they might know about 
it", just translation error.


What you might want to do is provide substantial evidence though, in 
order to not end up in lawsuits.

Contact members of our parlament or their assistants and ask them.
I have.


Markus Jansson
Turku
http://www.markusjansson.net
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at 
https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkHO5O8ACgkQp4wnv3Na2tox5gCguVzXFJkwpVspnbyQf1BdjSUWfWcA
nisJBbqDg/d5IuApeiG0RVYc8qiL
=YEVR
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]