20 March 2014. Add comments.
19 March 2014
Skype and Crypto Promoted by Snowden a Ploy?
In connection with using "encrypted, secure connection" Skype for Snowden's
imagery at SXSW and TED, as well as encrypted comms with journalists and
event organizers, what has led these comsec advisors to believe that all
too vulnerable Skype is secure, as well as all too vulnerable popular crypto
pushed for journalists?
Is there any indication Snowden has deployed less vulnerable protections
which have not been disclosed as backing for his encouragement to trust
encryption and to allow Skype to finger his location and leak his comms?
To be sure, many of his remarks seem to be carefully scripted for low-brow
consumption characteristic of journalism. So there may be a secure back-channel
being used with Skype and pop crypto as diversion.
The low-brow slides, clips, short docs, redactions released by the media
point to a deception of some sort yet to be disclosed until 25 years has
passed. Hyperventilating press accounts of the releases suggest either deception,
inexperience or technical ignorance or all.
Still, that kind of misleading comsec deception would be commonplace security
measures characterisitic of NSA and wizards -- to induce the flock to churn
massive amount publicity about encrypted comms -- and Skype -- to camouflage
the Tor-Beyond-Tor, blacker and deeper comms, not to say the even blacker
and deeper tools either not seen by Snowden or not yet released.
More sopisticated would be to use the small amount of NSA releases to cloak
far greater distribution (a method used by WikiLeaks and the black market
as well as the spy industry). That too would closer to what the big boys
and girls do, and therefore would be exactly what they are watching for.
Including watching for ploys to hide ploys.
And like the NSA, why would the Russians not carefully watch whatever comms
originate there by Snowden or received by him? Skype has been ostentatiously
breached by Russia and any of its variations and cloakings would be prime
targets. Nothing is more carefully watched in Russia than crypto, and its
vulnerabilities are meticulously studied and exploited there, in the US and
globally. But there will be no Snowden-like revelations, nor disclosures
of vulnerabilities -- as once there was not by NSA, presuming Snowden is
not running a honey pot to bait the Russians forever fearful of just that.
Paulmd199 tweets: SXSW was a Google Hangout, TED was a Beam telepresence
bot. Neither is Skype. Jus' sayin'.
Cryptome tweets: Thanks for saying. Vulns are similar. RU masterminds
transceivals via sub-data. "Tor-sub-tor." As do others.
If this was a live conference stream with media types, direct Skype may have
been used since:
- Training a bunch of idiots to use something secure is a pain. Perhaps traded
off with a disposable location and/or that Snowden is now diplomatically
safe in Russia.
- Tor's network characteristics are usually ok for some voice, but insufficient
for live media video.
That said, Skype is closed source, carries no future guarantees, and has
a controversial track record... therefore it should not be trusted under
any circumstances. Far better options exist for approaching your private
Per your ruminations on Snowden back channels in RU:
RAPSI, "FSB, Russian police could tap Skype without court order,"
March 14, 2013, Moscow News,
"Since its acquisition of Skype in May 2011, Microsoft has added a legitimate
monitoring technology to Skype, says Maksim Emm, Executive Director of Peak
Systems. Now any user can be switched to a special mode in which encryption
keys will be generated on a server rather than the user's phone or computer.
Access to the server allows Skype calls or conversations to be tapped. Microsoft
has been providing this technology to security services across the world,