Wednesday, October 28, 2020


 "Spy agency ducks questions about 'back doors' in tech products" (Menn):

"In at least one instance, a foreign adversary was able to take advantage of a back door invented by U.S. intelligence, according to Juniper Networks Inc, which said in 2015 its equipment had been compromised. In a previously unreported statement to members of Congress in July seen by Reuters, Juniper said an unnamed national government had converted the mechanism first created by the NSA. The NSA told Wyden staffers in 2018 that there was a “lessons learned” report about the Juniper incident and others, according to Wyden spokesman Keith Chu.

“NSA now asserts that it cannot locate this document,” Chu told Reuters.

NSA and Juniper declined to comment on the matter."

"The starkest example of the risks inherent in the NSA’s approach involved an encryption-system component known as Dual Elliptic Curve, or Dual EC. The intelligence agency worked with the Commerce Department to get the technology accepted as a global standard, but cryptographers later showed that the NSA could exploit Dual EC to access encrypted data.

RSA accepted a $10 million contract to incorporate Dual EC into a widely used web security system, Reuters reported in 2013. RSA said publicly that it would not have knowingly installed a back door, but its reputation was tarnished and the company was sold.

Juniper Networks got into hot water over Dual EC two years later. At the end of 2015, the maker of internet switches disclosed that it had detected malicious code in some firewall products. Researchers later determined that hackers had turned the firewalls into their own spy tool by altering Juniper’s version of Dual EC.

Juniper said little about the incident. But the company acknowledged to security researcher Andy Isaacson in 2016 that it had installed Dual EC as part of a “customer requirement,” according to a previously undisclosed contemporaneous message seen by Reuters. Isaacson and other researchers believe that customer was a U.S. government agency, since only the U.S. is known to have insisted on Dual EC elsewhere.

Juniper has never identified the customer, and declined to comment for this story.
Likewise, the company never identified the hackers. But two people familiar with the case told Reuters that investigators concluded the Chinese government was behind it. They declined to detail the evidence they used."

Very informative essay!:  "France’s love affair with decapitation" (Massad).  Head lopping - not just for ISIS!

Tweet (Kawsachun News):
"Bolivia's Interior Minister @ArturoMurilloS has asked the MAS to not 'persecute' leading figures of the coup regime. When Murillo took power a year ago he promised to 'hunt down' leftists."

"The Trump administration imposes more vicious sanctions on Iran — partly to tie a President Biden’s hands" (North).  Tweet (Borzou Daragahi):
"Still can’t get over the hilariousness of the guy indicted in scheme to sell weapons to Iran now doesn’t want anyone doing business with Iran"

"The media — and social media — drive to squelch information a menace no matter who wins election" (Taibbi).  Old Rupert seems to be taking an iconoclastic stand for freedom of speech!

Tweet (Herbert West Retweeter) (Russia's greatest love machine):
"Twitter CEO Jack Dorsey faces tough questions over his claims that Twitter can cure Tsarevich Alexei's hemophilia"