Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (51 page)

32. (p. 46) Multiplying two n-digit integers can be done in n log n steps.

33. (p. 46) Although it is believed that integer factorization has a high time complexity, no one has proved that factoring an integer must take more than a polynomial number of steps.

34. (p. 46) Diffie and Hellman, "New Directions."

35. (p. 46) Diffie and Landau, Privacy on the Line, 66-85, 205-206, 219-224, 229-246.

36. (p. 46) "The design and strength of all key lengths of the AES algorithm (i.e., 128,
192 and 256) are sufficient to protect classified information up to the SECRET level.
TOP SECRET information will require use of either the 192 or 256 key lengths" (Committee on National Security Systems, National Security Agency, National Policy on the
Use o f theAdvanced Encryption Standard (AES) to Protect National Security Systems and National
Security Information, Policy No. 15, Fact Sheet No. 1 (Fort Meade, MD: June 2003)).

37. (p. 46) Serving the national-security market would, of course, require not just
implementing AES but doing so in an approved implementation.

38. (p. 47) Hashes function as a way to compactly represent longer pieces of data.
They are used to check whether data has been altered and for this reason are sometimes called a digital fingerprint. A hash is computed of a particular piece of data and
compared to the hash of the data computed at a later date. If the two values are
equal, with high probability, the data has not been changed. Sun Microsystems uses
digital hashes to verify integrity of the binary files of the Solaris operating system;
the hashes are available on Sun web pages.

39. (p. 47) Of course, such problems do occur. During the 2008 U.S. presidential
election, Republican vice presidential candidate Sarah Palin thought she was speaking with French President Nicolas Sakozy. In fact, she was conversing with two
Quebec comedians (who had previously done similar things to other public figures).

40. (p. 47) John Markoff, "`Virus' in Military Networks Disrupts Systems Nationwide," New York Times, November 4, 1988.

41. (p. 48) Morris was convicted of violating the Computer Fraud and Abuse Act
and was sentenced to three years probation and a $10,000 fine.

42. (p. 48) John Markoff, "Author of Computer `Virus' Is Son of N.S.A. Expert on
Data Security," New York Times, November 5, 1988.

43. (p. 48) Hilarie Orman, "The Morris Worm: A Fifteen-Year Perspective," IEEE
Security and Privacy 1, no. 5, (September/October 2003): 35.

44. (p. 48) As per note 41, Morris was convicted of violating the Computer Fraud
and Abuse Act of 1986 (18 U.S.C. §1830) and sentenced to four hundred hours of
community service and a fine of $10,000. The worm's effect on the Internet was
indirect, but lasting; within a few years many organizations had barriers such as
firewalls between their private networks and the public one (Steve Crocker, "Operational Security," in Daniel Lynch and Marshall Rose, eds., Internet System Handbook
(Reading, MA: Addison-Wesley, 1993), 679).

45. (p. 48) Such routing misconfigurations may be propagated by accident; see note
34 in chapter 2.

46. (p. 49) Paul Mockapetris, "RFC 882-Domain Names: Concepts and Facilities,"
November 1983, http://tools.ietf.org/html/rfc882; "RFC 883-Domain Names: Implementation and Specification," November 1983, http://tools.ietf.org/html/rfc883.

47. (p. 49) Zones are a tree structure, with a root at the top that points to its children.

48. (p. 49) There is additional redundancy through replication: root servers and
their IP addresses may name multiple physical servers around the world.

49. (p. 51) This is called time to live, or TTL.

50. (p. 51) It may pick the next one on its list, it may choose randomly, or it may
do something else entirely.

51. (p. 51) Google maintains its own DNS servers, but many zones do not. Instead
their ISPs provide the authoritative information for them.

52. (p. 51) The Google nameservers are nsl.google.com, ns2.google.com, etc.

53. (p. 51) The com nameservers are a.gtld-servers.net., b.gtld-servers.net, etc.

54. (p. 51) The root servers are A.ROOT-SERVERS.NET, B.ROOT-SERVERS.NET, etc.

55. (p. 51) Steven M. Bellovin, "Using the Domain Name System for System
Break-Ins," Proceedings of the Fifth USENIX UNIX Security Symposium (Berkeley, CA
USENIX, 1995).

56. (p. 52) David Dagon, Chris Lee, Wenke Lee, and Niels Provos, "Corrupted DNS
Resolution Paths: The Rise of a Malicious Resolution Authority," Proceedings of the
15th Network and Distributed System Security Symposium (NDSS) (Reston, VA: Internet
Society, 2008).

57. (p. 52) Dagon et al., "DNS Resolution Paths."

58. (p. 52) Dagon et al., "DNS Resolution Paths."

59. (p. 52) There have been incidents in which criminals set up fake ATMs to steal
users' passwords. Subsequently the criminals used counterfeit bankcards with
account numbers and corresponding passwords and accessed the customer accounts
at a real ATM.

60. (p. 52) This is actually an intrusion, not an attack.

61. (p. 52) Cisco, "Cisco Security Advisory: Malformed SNMP Message-Handling
Vulnerabilities Document ID: 19294," Advisory ID: cisco-sa-20020212-snmp-msgs.
Most router attacks focus on Cisco equipment for the same reason that most
operating-system attacks are on Microsoft Windows. Cisco supplies well over half
the routers used in the Internet.

62. (p. 53) If one network is larger than the other, the smaller network typically
pays the larger one in order to be able to send communications over, or transit, the
larger network.

63. (p. 54) Viruses had been developed in computer labs, but this was the first one
"in the wild."

64. (p. 54) The Melissa virus affected machines running Microsoft Word 97 and
Word 2000, as well as various versions of Microsoft Excel. Once the attachment was
opened, the virus emailed itself to the first fifty addresses in the client's Microsoft
Outlook address book. The ILOVEYOU virus also acted on the Windows operating
system and also self-replicated by sending itself to all addresses in the client's
Outlook address book.

65. (p. 54) Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, and Nagendra Modadugu, "The Ghost in the Browser: Analysis of Web-Based Malware," First
Workshop on Hot Topics in UnderstandingBotnets (HotBots '07) (Berkeley, CA: USENIX, 2007).

66. (p. 55) According to software safety expert Nancy Leveson, the shuttle code is
about two hundred thousand lines of code. By contrast, the Boeing 777 airplane has
five million lines of code, while the Linux operating system is over six million lines
long and Microsoft's Vista operating system is even larger.

Leveson described NASA as heavily investing in the code correctness. In the mid1990s, Leveson chaired a committee examining NASA's software processes. At the
time, the agency was spending $100 million a year maintaining the code; it is
undoubtedly spending even more today. The resulting software is highly successfuleven if not fully error free (Nancy Leveson, personal communication, April 22, 2009).

67. (p. 55) The blocking is done through closing the "port" number through which
the application travels.

68. (p. 55) This has been done several times by the Chinese government after protests in Tibet were shown on the video-sharing site.

69. (p. 55) James Fallows, "The Connection Has Been Reset," Atlantic Monthly Online,
March 2008, http://www.theatlantic.com/doc/200803/chinese-firewall.

70. (p. 55) Open Net Initiative, "Telus Blocking of Labor Union Web Site Filters 766
Unrelated Sites," Open Initiative Bulletin 010, August 2005, http://opennet.net/
bulletin s/010/ONI-010-telus.pdf.

71. (p. 56) Van Jacobson, A New Way to Look at Networking, Google Video, 40:39.

72. (p. 56) Jonathan Zittrain, "The Generative Internet," Harvard Law Review 119
(2006): 1980.

73. (p. 56) There is an ongoing effort to create a legal system that enables such
sharing. Creative Commons offers licenses that allow creators-artists, scientists,
engineers-to delineate the restrictions that apply to the shared use of their content
(e.g., "Attribution required," "No commercial reuse," etc.). Content licensed under
Creative Commons license is allowed to be shared, but the creator can limit usage
in certain ways; see http://www.creativecommons.org for more details.

74. (p. 57) Skype, "P2P Telephony Explained-For Geeks Only," http://www.skype
.com/help/guides/p2pexplained/.

75. (p. 57) U.S. Congress, House of Representatives, House Committee on Oversight
and Government Reform, Inadvertent File Sharing over Peer-to-Peer Networks: Hearing
before the Committee on Oversight and Government Reform, One Hundred and Tenth
Congress, First Session, July 24, 2007, Serial 110-39, 2.

76. (p. 57) The latter is already true in some countries. In Italy, for example, users
in Internet cafes are required to show identification before being allowed to log on.

77. (p. 58) One could use an "overlay" anonymizing network such as Tor (short for
"The onion routing").

78. (p. 58) Jeffrey Hunker, Bob Hutchinson, and Jonathan Margulies, Role and Challenges for Sufficient Cyber-Attack Attribution (January 2008) Hanover, NH: Institute for
Infrastructure Protection, Dartmouth College.

79. (p. 58) T. Matsumoto, H. Matsumoto, K. Yamada, and S. Hoshino, "Impact of
Artificial `Gummy' Fingers on Fingerprint Systems," Proceedings of SPIE, vol. 4677,
Optical Security and Counterfeit Deterrence Techniques IV (2002) San Jose, CA: SPIE.

80. (p. 58) One company that does this is Akamai; although it may look as if the IP
address is cnn.com, in fact the IP address points to an Akamai server with the CNN
content. This server is close to the user (where "close" is defined by network connectivity). Companies use Akamai to speed content delivery to their customers.

81. (p. 59) Siobhan Gorman, "Electricity Grid in U.S. Penetrated by Spies," Wall
Street Journal, April 8, 2009.

82. (p. 59) Diffie and Landau, Privacy on the Line, 45-46.

83. (p. 59) See chapter 7 for a discussion of Soviet interception in Glen Cove, Long
Island, and Washington, as well as in Lourdes, Cuba. The Lourdes station was
capable of picking up satellite transmissions to locations all along the U.S. East
Coast. The San Francisco trunk line was protecting communication from Lockheed
Martin, which was working on the Poseidon missile.

84. (p. 60) One solution is Tor, an overlay network running on top of the Internet.
This provides anonymity. It is discussed in chapter 6.

85. (p. 62) Meredith Baker, Acting Assistant Secretary for Communications and
Information National Telecommunications and Information Administration, letter
to Peter Dengate Thrush, "Public Comments: Improving Institutional Confidence
in ICANN," http://www.ntia.doc.gov/comments/2008/ICANN-080730.html.

86. (p. 62) A signature guarantee is an authentication of your signature. It is usually
performed at an authorized financial institution. Signature guarantees are considered more reliable than notarized signatures.

87. (p. 62) There are corresponding complexities in the infrastructure as well: at
least for many states, the only infrastructure needed is that the notary files a form
with the state and pays a fee, while signature guarantees require that the financial
institution participates in a signature guarantee program.

88. (p. 62) This attack was discovered by Dan Kaminsky, who attempted to have
patches installed in the DNS nameservers before the attack became publicly known.
This did not happen, but most nameservers were patched fairly quickly after the
vulnerability was made public.

The idea behind the attack is simple: set up a hacked DNS nameserver that stores
bad IP addresses for various sites-that is, false addresses where the users can then
be fooled into releasing valuable information (such as account numbers and passwords). Because the DNS protocol was set up to allow a response to a DNS query to
return not only the IP address that was requested, but additional IP addresses for
other sites, once the hacked DNS nameserver was queried, it would spread the false
IP addresses to legitimate DNS nameservers, which would then cache them (David
Schneider, "Fresh Phish," http://www.spectrum.ieee.org/print/6818).

89. (p. 62) J. Loughney, ed., RFC 4294: IPv6 Node Requirements, RFC 4294, April 2006,
http://tools.ietf.org/html/rfc4294.

90. (p. 62) S. Kent and S. Seo, RFC 4301: Security Architecture for the Internet Protocol,
December 2005, http://tools.ietf.org/html/rfc4301; R. Housely, RFC 4309: Using
Advanced Encryption Standard (AES) CCMMode with IPsec Encapsulating Security Payload
(ESP), December 2005, http://tools.ietf.org/html/rfc4309.

91. (p. 63) Sheila Frankel and David Green, "Internet Protocol Version 6," IEEE
Security and Privacy 6, no. 3 (May/June 2008): 85.

92. (p. 63) Marjory Blumenthal and David D. Clark, "Rethinking the Design of the
Internet: The End-to-End Arguments vs. the Brave New World," ACM Transactions
on Internet Technology 1, no. 1 (August 2001): 70-109.

Chapter 4

1. (p. 65) 18 USC §2510-2521.

2. (p. 66) James Otis, "Against Writs of Assistance," February 1761.

3. (p. 66) 1 Stat. 232.

4. (p. 66) Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of
Wiretapping and Encryption, rev. ed. (Cambridge, MA: MIT Press, 2007), 145-146.

5. (p. 66) Ex Parte Jackson, 96 U.S. 727, 733.

6. (p. 66) Heros von Borcke, Memoirs of the Confederate War for Independence (New
York: P. Smith, 1938), 168.

7. (p. 66) Samuel Dash, Richard Schwartz, and Robert Knowlton, The Eavesdroppers
(New Brunswick, NJ: Rutgers University Press, 1959), 25.

8. (p. 66) Dash, Schwartz, and Knowlton, The Eavesdroppers, 28.

9. (p. 67) Olmstead v. United States, 455-456.

10. (p. 67) Diffie and Landau, Privacy on the Line, 148-150.

11. (p. 67) Louis Brandeis, dissenting opinion in Ohnstead v. United States, 475-476.