Tuesday, November 26, 2013

Reuters: Snowden stashed “doomsday” cache as insurance policy against harm

Crypto scheme protecting data resembles creation of a "bad sci-fi writer."

US and British intelligence officials are concerned former National Security Agency contractor Edward Snowden has stored an online "doomsday" cache of extraordinarily sensitive classified information that will be unpacked in the event he is arrested or physically harmed, according to a report published Monday.
The article, headlined Spies worry over "doomsday" cache stashed by ex-NSA contractor Snowden, cited seven current and former US officials as well as other sources briefed on the matter who spoke on the condition they not be identified. The report claimed the cache contained documents generated by the NSA and other agencies that include previously unpublished names of US and allied intelligence personnel. One of the sources described the documents as an insurance policy against arrest or harm.
Ars was unable to confirm the claims in the article, and some of the reported details sounded technically implausible, at least as they were described.
"The data is protected with sophisticated encryption, and multiple passwords are needed to open it, said two of the sources, who like the others spoke on condition of anonymity to discuss intelligence matters," Reuters reported. "The passwords are in the possession of at least three different people and are valid for only a brief time window each day, they said. The identities of persons who might have the passwords are unknown."
The article stated later: "One former senior US official said that the Chinese and Russians have cryptographers skilled enough to open the cache if they find it."
Strong cryptography generally works using known algorithms and protocols that have been extensively tested. Cryptographers generally frown on the use of time-based locks because they're often vulnerable to attacks that manipulate the underlying clock. Snowden is widely regarded as possessing strong operational security skills, making it unlikely he would rely on such a mechanism. The reference to multiple passwords in the possession of at least three people being required to open the document suggested a server is somehow involved, raising even more questions. It also stands to reason that any truly sophisticated and strong cryptography couldn't be cracked by Chinese or Russian agents.
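The clock-manipulation weakness can be shown in a few lines. The sketch below is an added example, not something from the Reuters report or from any real system: it assumes a hypothetical vault whose key is derived from three passwords and whose "brief daily window" is checked against whatever clock the unlocking code is handed. The window times, passwords and function names are all constructed.

```python
import hashlib
import hmac
from datetime import datetime, time, timezone

# Constructed daily window (UTC) for the hypothetical vault.
WINDOW_START, WINDOW_END = time(2, 0), time(2, 15)

def derive_key(passwords, salt):
    """The key depends only on the passwords; time never enters the derivation."""
    material = b"\x00".join(p.encode() for p in passwords)
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

def key_tag(key):
    """Verifier stored beside the ciphertext so a wrong key can be rejected."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()

def in_window(now):
    return WINDOW_START <= now.time() < WINDOW_END

def unlock(passwords, salt, expected_tag, clock):
    """Time-gated unlock: the gate is a branch wrapped around a time-independent key."""
    if not in_window(clock()):
        return None                      # policy check, decided by the clock source
    key = derive_key(passwords, salt)
    return key if hmac.compare_digest(key_tag(key), expected_tag) else None

def demo():
    salt = b"constructed-salt"
    passwords = ["alpha", "bravo", "charlie"]   # constructed sample values
    tag = key_tag(derive_key(passwords, salt))
    noon = lambda: datetime(2013, 11, 26, 12, 0, tzinfo=timezone.utc)
    reset = lambda: datetime(2013, 11, 26, 2, 5, tzinfo=timezone.utc)
    return {
        "honest clock, outside window": unlock(passwords, salt, tag, noon) is not None,
        "clock set into window": unlock(passwords, salt, tag, reset) is not None,
        # The same key falls out with no clock at all: the window protects nothing
        # once the ciphertext and passwords sit on a machine the holder controls.
        "gate skipped entirely": key_tag(derive_key(passwords, salt)) == tag,
    }

if __name__ == "__main__":
    for case, opened in demo().items():
        print(f"{case}: {'opens' if opened else 'refused'}")
```

The window only holds if the key stays with a party that controls both the clock and the check, which is why the description implies a server.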
The description sounded as if it was "re-written by bad sci-fi writer," University of Pennsylvania security and cryptography expert Matt Blaze wrote in a tweet shortly after the article was published. "I assume the documents are in a booby-trapped attaché case with a flashing countdown timer," he added later. Blaze and other security experts speculated the technical details could have been part of a misinformation campaign. Another possibility is that the accuracy of some of the technical details was eroded in the process of reporting or writing the article, either by sources, the journalists, or both.
In the days immediately following the initial publication of documents leaked by Snowden, Guardian columnist Glenn Greenwald said the former contractor distributed encrypted copies of thousands of documents to "several" people. Greenwald said Snowden "has taken extreme precautions to make sure many different people around the world have these archives to insure the stories will inevitably be published," adding "if anything happens at all to Edward Snowden, he told me he has arranged for them to get access to the full archives." At the time, Greenwald went on to say that he had possession of thousands of documents provided by Snowden and that they may or may not constitute the totality of what Snowden took.
Reuters said officials believe the "doomsday" cache is stored and encrypted separately from the material Snowden provided to media outlets. Besides containing the names of US and allied intelligence personnel, Monday's report said the encrypted data also included "information about the CIA—possibly including personnel names—as well as other US spy agencies such as the National Reconnaissance Office and National Geospatial-Intelligence Agency, which operate US image-producing satellites and analyze their data."
