Data Theft 101

Search for “data breaches” on your favorite search engine and you will find news of successful attacks involving hospitals, schools, major corporations, and even governments. The problem is rampant, happening on a weekly, sometimes daily, basis. It is clear nothing that is being done now to stop cyber attacks is very effective. Let’s explore how the original design of the Internet, combined with certain laws, continue to make data theft easy for bad actors.

How is This Even Possible?

There are multiple factors at play. The Internet was built prioritizing ease of troubleshooting and diagnosis over security. Man in the Middle attacks, packet injection, and IP spoofing are all side effects. This is because all of these attacks are done using capabilities inherent in the design. The Internet was originally intended for research and was only accessible by select universities, government organizations, and businesses. These are all favorable capabilities from a research perspective. 

Rushed Public Adoption  and CALEA

The rapid public adoption of the Internet led to CALEA, a hastily crafted law requiring core Internet routers (Autonomous Systems or AS) to have the ability to intercept and record any data. Ostensibly, this law allowed law enforcement to eavesdrop on criminals. Unfortunately, this capability enables bad actors and simplifies overreach – anyone with an AS router can record network data knowing nothing more than an IP address and originating virtual port. CALEA has “lawful intercept” provisions, but in a global network, there are ways around those.

Enabling Warrantless Data Collection

Most believe that warrantless data collection is unlikely in the US. However, there is a gray area where CALEA is used together with the Patriot Act or section 702 of the Foreign Intelligence Surveillance Act (FISA). There is nothing stopping law enforcement from recording your data if it happens to be collected as part of a data sweep under FISA section 702. This includes many phone calls. There are even loopholes for law enforcement, as they can ask a partner agency in another country to record the data and pass it along as “shared intelligence”. Even if FISA section 702 expires, this “shared intelligence” loophole will remain.

Anyone Can Collect Data

Data collection is not limited to law enforcement. Without getting too technical, say you connect to a coffee shop’s WiFi. Anyone there could record nearly everyone’s data with free tools from the Internet. Don’t believe it? Look at WireShark’s features. Still dubious? Install it on your laptop and see what happens at your favorite coffee shop. Tutorials are available on the Internet. WireShark can record any data it captures with a mouse click – it’s that simple once you know the basics.

High Profile Data Recording

Between 2015 and 2016, the DNC was hacked and attackers were able to record and exfiltrate data on the local network. They sent the encrypted email data back to Russia, and decrypted it. This not only proved that data could be easily recorded by anyone, but since the email data needed to be decrypted, it tipped Russia’s hand regarding their capability to break standards based encryption. The point of encryption standards appears to be to make sure nation states can decrypt it.

Another high profile instance of data recording and decryption is that of the Oath Keepers’ Signal messages sent before the Jan. 6, 2021 insurrection at the US Capitol. These messages are supposed to be highly secure and double encrypted. US Law enforcement seemed to have all of them. 

Evolving Technology and Techniques

Anyone can use tools like WireShark to employ current data collection techniques on local networks. Law enforcement and state actors can use AS routers. Most critical of all, data can be recorded today and decrypted at any point in the future. Current standard encryption is likely to show no resistance to Quantum Computer methods of cracking. Anyone today can book time on some of today’s early Quantum Computers. As these become mainstream and less expensive, the average person’s ability to crack standard encryption will likely equal that of anyone else.

Abusing Techniques for Cyber Offense

These capabilities and techniques can be quickly used for Nazi style Gestapo surveillance. This is what makes them so dangerous to have at any country’s disposal. Since the Government can do this, why not someone else like we saw with the DNC attack in 2016. That is the core issue with Cyber Offense. Other nation states and bad actors will be able to replicate techniques and won’t be asking for permission from anyone. We need cyber defense that does not allow these types of things to happen – ever. 

Are you scared yet? You really should be. 

Here are some recording techniques from easiest to hardest:

  1. Layer 2 Recording – This involves connecting to a public wi-fi router or attaching to a switch at work and recording the data coming across that local network. This is as simple as installing WireShark, finding the target and pressing record.
  2. AS Recording – This requires owning an Internet AS router. Determine the IP address and port to surveil and start recording. On an Autonomous System, this is automated – just tell the router what to collect. Getting an AS router on the Internet itself is expensive, but not too difficult. A small player can get an AS on the Internet with a modest network if they are contributing the required bandwidth
  3. Man in the Middle Attack – Free tools, like the collection on Kali Linux, are publicly available making intercepting and recording data possible for anyone. This is a bit harder, since you must know two targets and precisely time getting in the middle. There are tools and means to potentially detect the attack has happened. Initiating an attack may not be a big deal, but starting it and keeping it going may prove difficult. It’s much simpler to get an AS router or simply pay someone that already has one like a struggling Mom and Pop Internet Service Provider.

Once the data is in hand, you can go on a Spear Phishing expedition. This is a non technical way to decrypt data. It involves building a relationship with someone with access to the keys and convincing them to give you a copy. This usually includes making that individual believe you are someone else until they give you their encryption key.

How Can I Stop This?

Was that your next thought? We have a solution. Introspective Networks’ SmokeNet products first protect data by removing the ability to record it at Layer 3 and then encrypt it using the most secure cipher known – the Vernam Cipher – protecting the data at layer 2. This protects the data at all network layers. This is a streaming cipher without a static key to Spear Phish. There is a simple premise to the technology behind SmokeNet: anything calculated (legacy encryption) can be solved for and anything random can not. The Vernam Cipher is the strongest level of encryption used by militaries and governments around the world for the most critical secrecy like nuclear launch codes. Traditionally, it must be done by hand. SmokeNet allows this to be used in a network and has solved the problem of securely sending entropy across the network. Academically, the problem solved is “The Key Exchange Problem”. This level of security has not been available before SmokeNet. 

AS and Man in the Middle recording is also prevented. To aid in this, SmokeNet leaves the originating port (think web page Port 80) unknown and changes it randomly at random intervals. This makes putting the pieces together in Layer 3, when it is on the public Internet, impossible. The two (or more) streams of data must be aligned in both virtual space (port) and time (the offset between the Streaming entropy and the encrypted data stream). Since they move by changing ports and networks, just finding the encrypted data and corresponding entropy stream could prove challenging.

SmokeNet provides a new level of protection perfect for Zero Trust Networking. It starts with using the network in a unique, creative way to stop the interception of private data. This allows SmokeNet to apply a new level of encryption that can not be cracked – even in theory. 

Real Network Cyber Defense is available now with SmokeNet.