The Retroscope At Play

By now, the establishment ought to be painfully aware that the FBI/NSA retro-scope is aimed at them, as well. Sometime in the next couple of years I expect a legislative backlash, especially if it keeps being used to take down friends of the high and mighty.

What’s interesting is that the FBI has stopped playing coy about how they are accessing the material, and what sort of material they are accessing:

In a letter to the presiding judge in the case against Michael Cohen, President Donald Trump’s long-time personal attorney, the US Attorney’s Office for the Southern District of New York revealed today that it had obtained additional evidence for review—including a trove of messages and call logs from WhatsApp and Signal on one of two BlackBerry phones belonging to Cohen. The messages and call logs together constitute 731 pages of potential evidence. The FBI also recovered 16 pages of documents that had been shredded, but it has not yet been able to complete the extraction of data from the second phone. [ars]

I did a google image search for “retroscope” and look at this beauty!

Remember, you’re supposed to believe that WhatsApp and Signal are “secure” and that the FBI has trouble accessing data off of them. For that matter, you’re supposed to believe that Blackberries are “secure” too. I’m sure that’s why Michael Cohen used one – certainly nobody would use a Blackberry because it’s a good phone. Blackberries were designed to implement a variation of the New York Reach-Around [stderr] – since their server communications were up to Canada, it was “international” and therefore NSA was spared the trouble of having to pretend FISA courts mattered. Blackberry’s whole “security” game fell apart when other countries – most notably India and Saudi Arabia – realized what was happening and started asking Blackberry to give them the keys to the crypto, too. [guard]

[Here’s a simple test for how you can decide if an app has encryption that doesn’t have backdoors for the local cops: if it’s allowed, it does. [phys] And you should assume that any messaging system where the messages are going through a cloud service (that’s all of them) the servers have mandated backdoors. Otherwise they would not be allowed to work. [fr] Apple fans do not rejoice: Apple is just cagier than Facebook about how they answer those questions.]

So, Cohen’s got Signal and WhatsApp messages on his Blackberry. Normally, the way a forensic security analysis works, the cops grab the phone and don’t let the phone’s owner lock it. If it’s unlocked, then there is a playbook for each type of phone/OS and how to drain the data off it. For example, and IPhone may ask you to re-provide the PIN before you sync it, or before you change the PIN (remember when Apple started doing that? Yeah, that was one of their tiny little kicks against the power of the FBI and the FBI took revenge by threatening all sorts of dire consequences for Apple and tried to smear Apple with some responsibility for the Pulse Nightclub massacre. Nice guys, the FBI…) Anyhow, there are plenty of ways to skin a cat – once you have access to the device you can pull the memory out and look at the contents directly, bypassing the operating system. From rumbles I’ve read some of these popular messaging apps use miniature SQL databases and the programmers relied on the high-level database ‘delete’ function to remove messages – instead of “store garbage over the message; delete the message” which is what a programmer who knew anything about security would do. Forensics guys I know have told me that you can find messages going back quite some time, depending on how the user of the device does their messaging (a large attachment is going to create a big “hole” when it gets freed and may take months or years for smaller messages to fill the hole and overwrite it) Anyhow, here’s Cohen – a paid-in-full member of the privileged elite, having his digital data pored over by cops. You’ve got to imagine that any power-hungry American oligarch with two neurons left has to be thinking “hey, how can I do security like Hillary did?” [The answer is here]

The FBI appears to have further tipped its hands, though: “the call logs.” What? Those are not stored as long-term user data on the phone. The FBI got those from someplace else. They got them from the retro-scope.

Paul Manafort is also getting a feeling for how the retro-scope works. Again, the FBI – which is primarily concerned with threatening him by showing him how much they have on him – is giving away a great deal of information about their sources. [wp] [There is a story in all of that about why the NSA does not trust the FBI: they’ll blow huge covert ops if it’s convenient to them so they can threaten a suspect, and spooks hate that.]

“This is not middle school. I can’t take away his cellphone,” she [the judge] said. “If I tell him not to call 56 witnesses, will he call the 57th?”

When your suspect is an idiot, you happily leave them their cell phone, knowing that they’re an idiot and hoping they will call the president of the United States. But, you take what you can get.

“We learned about it because a witness in this case brought forward information about the tampering. That’s when we started investigating,” Andres said, adding: “There is no way to monitor Mr. Manafort’s communications. At the least, he has shown he is adept” at making them.

Yeah, uh-huh. Let’s all pretend to believe that. The media, which is just repeating talking points that are given to it, does not ask: [cnn]

In late February, the new filing says, Manafort “repeatedly contacted” two anonymous people who may be witnesses against him, called Person D1 and D2. Those two people had previously assisted lobbying and public relations efforts that Manafort masterminded in the US and Europe. They have recently helped investigators find evidence of the witness tampering effort, prosecutors said.

Presumably those “anonymous people” were confronted by FBI agents who showed up on their doorstep and asked if they’d be willing to testify that Manafort had attempted to suborn perjury. They said, “how do you know he called!?” and then they said, “I need my lawyer.” And the FBI guys said, “Come on, play ball. We all know who talked to whom and when, and if you’re reasonable the only person who gets thrown under a bus today is Manafort.” See, the problem with being a douchebag like Manafort is that you hang out with douchebags and your ‘friends’ are all douchebags and there’s no honor among douchebags. There’s no honor between the FBI and douchebags, either.

Manafort’s contacts with the two potential witnesses started benignly enough, with phone calls and text messages through the service WhatsApp.
“This is paul,” the first encrypted text message that the government obtained said.
Then, two days later, he sent a news article about the Hapsburg group revelation in his court case. “We should talk. I have made clear that they worked in Europe,” Manafort wrote.
He called Person D1 five times in late February.
Person D1 tried to avoid him, even hanging up on one of the calls, the prosecutors said.

“The encrypted text that the government obtained said”

In the case of Michael Cohen, they pretended that they pulled his comms out of forensic analysis of his Blackberry, but they gave the game away with Manafort: they probably subpoena’d WhatsApp and were given a fat USB stick full of the cleartext of all of Manafort’s messages, and got a call log from his phone provider, and detailed network connection traces, too. Probably URLs. The providers have all that stuff; it’s some of the vital information about user activity that they keep and use for “big data” marketing purposes. And to fulfill FBI requests.

------ divider ------

Whenever I think of this stuff I start thinking how fun an “art project” it would be to make an actual secure communications terminal. One that used spread-spectrum messaging (messages get fragmented and uploaded to multiple places using steganography) and large single-use keys [otp] – storage is cheap enough that you could talk safely for years without re-syncing devices. The device, as I imagine it, would be delivered with a silicone mold and 2 bottles of water-clear epoxy resin so you could sync the device with its peer, then embed them both in lucite so that they were physically hard to access.



  1. sonofrojblake says

    I’d buy one of those terminals.

    (Thinks for a moment.)

    I’d buy two of those terminals.

  2. says

    They’re be sold in matched pairs, I figure. Though it would be a matter of making the software a bit more clever, to handle multi-way communications, if someone wanted to sync more than two.

    The hardest part would be writing plug-outs to post stega-images onto various image-sharing sites, etc. It would be tedious – those guys are always changing their APIs. And you couldn’t use just one channel – it’d pick pseudorandomly between google drive, gmail, facebook private groups, instagram, twitter, etc.

  3. says

    Sombody’s probably already written that as a malware control channel.

    Something like it exists; the security would be in the one-time pad encryption; the steganography and chunking would be to make traffic analysis a bit more expensive (it would still be a problem)

  4. komarov says

    Re: Traffic analysis

    If we ignored reality and assumed universal network coverage without bandwidth limits, maybe traffic analysis could be avoided by adding a lot of noise. Just have the device transmit random things to random sites at random times to hide when it’s you actually communicating. If everything is encrypted it should not be possible to distinguish between the noise and real commnunications as long as the random stuff isn’t obviously random. (e.g. googling variations of keyboard smash every time). You could even monetise your camouflage by renting out a bit of capacity to botnets, bitcoin miners or do things like protein folding.*

    The above is either a brilliant plan or complete rubbish based on my deeply flawed understanding of Everything, Especially Computers. No bets taken (But patents pending). Of course in the real world most people would run afoul of underdeveloped infrastructure, greedy phone companies or, in the case of the greatest country in the world, both. A minor issue easily corrected by overthrowing capitalism and putting the e-proletariat in charge.

    *Slightly related prediction: In ten years all that currently cloud-based voice processing from Echo and whatnot will be shifted from the company cloud to a user cloud made up of user devices idle (enough) at the time. The company saves money on infrastructure and makes more money by selling users increasingly powerful (and expensive) devices which are still suspiciously slow.

  5. Dunc says

    If we ignored reality and assumed universal network coverage without bandwidth limits, maybe traffic analysis could be avoided by adding a lot of noise.

    This is basically the idea behind Tor – if you can get enough dumbasses using it to swap child porn and deal drugs in the mistaken belief that it makes them untraceable, then the spooks can hide in the noise.

    Oh, sorry, did you mean by actors other than the US security services?

  6. says

    Oh, sorry, did you mean by actors other than the US security services?

    The US security services don’t use that. They have stuff that is much better.

  7. says

    If everything is encrypted it should not be possible to distinguish between the noise and real commnunications as long as the random stuff isn’t obviously random

    You’ve got the basic idea; the problem is you have to not only simulate noise, you have to simulate real traffic – otherwise the noise is pretty easy to factor out. There are many “fingerprints” that real traffic has, and if you think for a few moments you’ll figure out several of them: message size, message frequency, whether the message is acknowledged or not, etc. Dunc’s with @#6 that the best way to hide is in a bunch of real traffic. But that’s still a numbers game.