> "all our work is intelligence-based"
brings a whole new meaning to the word, doesn't it?
A mobile phone security researcher has been left baffled by UK government airport authorities, who impounded basic equipment while claiming that he could be illegally exporting high-end code breaking technology. The action meant he had to cancel a demonstration of a groundbreaking exploit of GSM encryption in the Middle East …
... Like i'd do with any kind of data I wanted kept out of HM / US customs hands (Like bank statements, contact lists, personal emails etc), mail it to yourself at the destination, under a pseudonym if necessary, and pick it up on arrival. USB memory stick with a TrueCrypt partition seems like a good plan, or just sending any electronics as a Gift.
If they're going to make it a fucking hassle to get through customs with inocuous gadgets or work-required aparatus, they should expect regular people to start subverting the system.
No, i'm NOT prepared to miss flights so they can PRETEND they're stopping terrorism. The only issue is that too many people ARE willing.
... so they can do it to us.
> Their undetectable method impressed by being up to 10,000 times faster than the brute force number crunching it's thought government agencies use
If this really does what it says on the tin then it'll be very useful. Maybe cutting research budgets and spending the money on security efforts like this is more cost effective after all.
I wonder if he stands any chance of getting his kit back after the govt. have reverse-engineered it? ...... nah!
Intelligence is getting experts to do this, and to put back together dismantled gear properly obviously - techs aren't known for their customer service, but they should have got an expert with the customs guy to examine it. I'd call that a claim for loss of earnings, especially as GHCQ seemingly approved the disclosure of this!
Having said that, how big are these things? I'd have taken it in hand luggage personally, in the way that if I was DJing abroad my laptop + key CDs would be with me in the cabin and a change of clothes/undies.
More than likely HM Gov just wanted a copy of the source code that's 10,000 times faster than the version they have.
I bet next time he'll send the PC + phone via DHL a week in advance!
Given the physical size of MicroSD cards these days, you could smuggle who knows how much "restricted" material on something you could hide in your ear!
...they knew what he did for a living, they knew he was leaving the country and what he was taking with him. He'd had prior contact with the SigInt branch. And they still couldn't be bothered to do the homework necessary to check that what he was taking was what he said it would be, or fill out the paperwork properly.
It has been obvious for some time that HMRC have too many discretionary powers. While they need an amount of freedom to act to do the job with which they are tasked, they have to be held accountable for their SNAFUs. At the very least they should be liable for replacement of items damaged in their searches when no charges are brought, but that is really only the tip of the iceberg. If they were accountable they'd take a wee bit more care when dealing with the people they're supposed to be *protecting*.
""all our work is intelligence-based"
Also perfect for "loose" Affiliates, Sebastian. And with Darling Alastair pimping £50Bn to generate Cash/Cache Flow, what a jolly good time to put in a Bill for Services Rendered 42 Energise Services yet to be Rendered.
Normally, although some might think it somewhat Alien, One could be really bold again and render them a NI number to XReference for AI Working Current Account which they could Credit with the Hypermanic Quantum Seven Sevens Seven figure Sum, which renders to them Magical Mystery Turing Tips and Trips, but the System doesn't recognise it. ....... which is quite Clever by IntelAIgent Design .... or just the Normal Sub-Prime, Below Par Performance from a Government System lost at C.
How do you prevent the export/third party proxy export of any cryptanalytic technology or information that you don't own/haven't paid for/don't know? And that question to Donald of Rumsfeldism for he'll have a dodgy answer, I'm sure .
The simple answer would be to purchase it with a wad of cash which will never disappear and keeps everything ship shape and Bristol fashion..... for that AI Mutual Benefit thing which gives Virtual Reality ITs Kick Start and Go.
My guess? Some big company exec, scared that they might have to spend some money fixing their product, complains to their school chum in government, who calls his mate at the appropriate bureau, who then arranges for this utterly ludicrous attempt to intimidate and silence yet another security researcher.
I see that the UK is well on its way to being a police state if they can arbitrarily confiscate anything while admitting they don't know what it is. I guess they don't even need warrants or anything else anymore.
Getting happier I left really. I still miss home, but the more I look back at the place the less I want to go back.
Some 20++ years ago, a company, Datong, made a product that would (IIRC) by means of multiple (8?) antennas and a damnded smart analog FET profiling scheme, accurately pinpoint the compass bearing of a radio signal. Brilliant. But, the UK Gov. got wind of it, and for awhile stamped on it, quoting "Official Secrets" ("Terrorism" would've been shorter, but we didn't have them bastards in those days). Almost put the company out of business. When the spooks relented, I think the company got about a quid in compensation. Gov. probably stole the invention, but I'll never know in my lifetime.
Fill in the blanks, someone. I think I've got Alzeimers, but I can't remember quite what it is. Or how to spell it.
Like "Yeah, right" above, I've no intention to ever return to that wretched 3rd world Stazi training ground called UK.
Hmmm... no doubt the official was a spook. After all, why bother tasking GCHQ / CESG to knock out one of these went you can just go and pinch it.
Next time he should encrypt it AES-style on an SD card. They'll probably get in, but it'll make the sods work for it ;-)
Ironically I tried to read his blog from my Vodafone 3G-enabled laptop, and have been denied due to "Content Control - Restricted Access".
So no doubt I'll be getting a visit from the Men in Black soon...
They didn't take his software, nor the FPGA which was probably programmed to assist the process, instead they confiscated an electronic circuit board, the schematics and layout of which is available under an open source license and which can be purchased freely by mail order for about 700 USD. This circuit board contains no software, it is a general purpose radio transceiver which can do any kind of radio tasks for any kind of radio system (including GSM) by way of software programming (the software for which resides on the laptop computer to which the circuit board needs to be connected via USB).
If they had wanted to "steal" the cryptanalysis method, they would have needed the software which was on the laptop (and probably the FPGA too) which they didn't confiscate. Definite proof that they were indeed totally clueless.
According to Word Web the definition of intelligence is.-
1. The ability to comprehend; to understand and profit from experience.
2. A unit responsible for gathering and interpreting information about an enemy.
3. Secret information on an enemy.
4. Information about recent and important events.
5.The operation of gathering information about an enemy.
It doesn't look as though any of those apply to HMRC in this case.
"The Ministry is named for the opposite of who it works for." should just read
"The ministry is named the opposite of what it does."
Ministries never do anything "for" anyone. They develop their own priorities upon their creation.
The first directive is "self-preservation".
The second directive is "self-perpetuation."
The third directive is to oppose the function of whatever their actually charged with.
Thus we have a department or ministry of defense which makes us attack, not defend anything.
Thus we have a CIA or MI-# which makes us behave stupidly.
Thus we have a House of Representatives (US congress) or a House of Commons (UK parliament) which is not representative nor common.
In the 'States, we have you beat though. We have an extremely expensive health (don't) care system which is in the process of killing us all by denying us coverage when we need it.
You've got the National Health.
"who knows how much "restricted" material on something you could hide in your ear!" Not unless you are a bleeding elephant, mate !! Now, I wouldn't dispute what you might hide at the other end but they are going to deploy millimetric-waveband radar at airports soon !! Alternatively, you could try taping a memory stick to your todger !!
It's a criminal offence in the UK to not hand over encryption keys when requested by court order, penalty of 2 years in prison for most cases, 10 years if involving terrorism or child pornography.
"I can't remember" gets you 2 years.
"There's no hidden volume" gets you 2 years, even if there isn't one.
Come one, come all, into 1984.
It’s gems like this that makes me love the Reg. How many thousands more people know about this now?? If aiming to limit the knowledge was the aim, then it’s a spectacular Riise-like own goal.
As for the researcher – I’m not convinced on his indignation. His g/f is pregnant – and he bemoans the fact his sim was nabbed! Eh?? WTF?? How many in the IT/security industry rely on only one place to keep essential info? I for one keep an old fashioned piece of paper with numbers on it in my wallet (and possibly diary in luggage if going for a while). Anything with a battery is liable to either break, run out of juice at exactly the worst moment, be nicked, be confiscated by idiot customs stasi etc. Zero marks for common sense.
Given the other story in the Reg about laptops/USB keys etc being “open season” at Customs – then I’ll make sure I always have a hefty TrueCrypted disk filled with thousands of (clothed) photos of our Beloved Paris and a text file saying “Paris loves Steg”. I will obligingly decrypt the volume of course. They might suspect that Steg stood for Steganography, but I would of course claim that Steg was a reference to sex with dinosaurs ;-)
Or, I could just use something like this:
I'm sure that GCHQ/CESG knew exactly what was on the various items he had with him, but that taking the phone and the software defined radio would make his demonstration impossible to carry out.
Remember that various countries in that area use A5/2, the weaker of the two GSM cipher algorithms, and I'm sure that various agencies get suitable intelligence from cracking this on an as-needed basis.
You don't want the locals being alerted to how poor their air interface security is, they might then decide to improve it.
No demo, no worry, no changes to the cosy status quo.
There was that series of Robot Wars where Team Diotior were frantically trying to rebuild their robot after Customs forced them to dismantle most of it. I was wondering at the time whether they really had no idea what Diotior was, or whether Customs were just trying to give the home teams a leg up.
Thanks but no thanks, Excise guys.
They may appear to be twits. They might even employ clueless minions to interact with the public. But they are *much* sharper that you give them credit for. You see the personna they want to expose. Keep thinking of them as idiots, and you won't be nearly as careful as you should be with your secrets.
Reminds me of the line from "The Usual Suspects". "he greatest feat the devil ever pulled off was convincing people he didn't exist"..