You are here

You are here

What the SolarWinds hack really tells us

public://default-article.png
N4nk3r ph3193 Security researcher
 

The recent news that malware had been added to the Orion software sold by SolarWinds is just the latest in a series of incidents in which an adversary may have managed to compromise either hardware or software.

Its effect is probably much greater than the incidents that preceded it, and it probably won’t be the last such incident. This may be because we got what we asked for in the crypto wars of the 1990s.

A crypto history lesson

use of encryption Back in the early ’90s, the export and use of encryption that provided more than 40 bits of strength was strictly controlled by various laws throughout the world. Then, in April 1993, the Clinton White House announced a plan to allow the use and export of strong encryption, but only if the encryption had a backdoor that gave the government the ability to decrypt any encrypted data. This was implemented as the “Clipper Chip,” technology that would be used to implement the government’s plan for key escrow.

In February 1994, the Department of Commerce published the Escrowed Encryption Standard (FIPS 185) to support this initiative. Attorney General Janet Reno then announced that NIST and the Department of the Treasury would be the agents for the government’s escrowed encryption program and published the procedures for releasing keys to law enforcement officials for use under approved wiretap orders. Everything seemed ready to go.

But a significant number of Americans were firmly against their government’s plan for escrowed encryption and believed that their need for privacy was more important than the government’s need to be able to read encrypted messages. And although there were strong opinions on both sides of this issue, the government eventually backed down and dramatically liberalized the controls on strong encryption. Other governments soon followed, and today, it’s easy to get 128-bit encryption almost anywhere.

Encryption that provides 128 bits of security is very, very secure. It’s the sort of thing that takes so long to crack that you’ll be able to watch the collision between the Milky Way and Andromeda galaxies, which will happen a couple of billion years in the future, while you wait. Thus, if you can (correctly) use encryption that gives you 128 bits of security, absolutely nobody can crack it. And that even includes rich and powerful entities such as national governments.

No problem here?

But a look at the Administrative Office of the US Courts’ annual Wiretap Reports suggests that the use of encryption is probably not significantly interfering with the ability of law enforcement agencies to carry out wiretaps. Every year, US courts approve a couple of thousand wiretaps, and just a few of these are protected by some form of encryption that stops law enforcement officials from getting what they want.

And although their inability to get information from mobile devices may be a serious problem for them, it’s hard to find any data that supports the idea that the Internet is going dark for them due to the widespread use of encryption.

But it’s also reasonable to assume that governments did not simply decide to give up on eavesdropping when strong encryption became widely available. After all, from their point of view, law enforcement and intelligence agencies have legitimate need for surveillance. And it seems naive to assume that they would simply give up on this surveillance because their targets were using encryption. And if they are not being thwarted by the use of encryption, what’s happening?

If law enforcement and intelligence agencies can’t break the encryption that their targets use, we should expect them to find ways to bypass it. That’s exactly what Adi Shamir (the “S” in “RSA”) predicted in the lecture that he gave after accepting the ACM’s Turing Award in 2002.

The third of his Three Laws of Security:

"Cryptography is typically bypassed, not penetrated.”

SolarWinds is par for the course

Not too many years later, we’re seeing that take place more and more frequently. The compromise of SolarWind’s Orion software is just the most recent of these.

An easy way to do that is to subvert the hardware and software that implements the encryption. This could be implemented as subtle modifications to cryptographic algorithms, as may have happened to the Dual EC DRBG random bit generator that is speculated to have been compromised by the US government. Or it could be implemented as malware that intercepts plaintext values at the TCP/IP application layer, when they are no longer protected by encryption that takes place at the transport layer or below. Or it could be implemented as hardware that gives government agents access to information that a computer might be processing. Or it could be implemented as something just like the malware that infected SolarWind’s Orion software.

In the absence of the ability to beat strong encryption, using techniques such as SolarWind’s Orion to bypass it seems like a natural step for governments to take.

Thus, it may be the case that relying on subverted hardware and software is the price that we need to pay for having strong encryption. Let’s just hope that we don’t end up having to deal with multiple, incompatible compromises at the same time when different governments don’t coordinate their efforts.

Back the backdoors

To make sure that this can’t happen, it’s not hard to imagine an ISO/IEC standard for coordinating these backdoors being worked on by representatives of lots of national governments, all of which really work for their governments’ intelligence agencies, yet won’t openly admit to the other people on their committee that they also do.

It could end up being much like G.K. Chesterton’s story “A Man Called Thursday,” in which everyone on the committee of anarchists ends up being a government agent keeping tabs on the actions of anarchists. (It’s also not hard to imagine a situation in which the bumbling grandson of Jacques Clouseau ends up working on this standard, along with like-minded people from other countries, of course.)

Learn to live with it

So is the SolarWinds compromise serious? Absolutely. Does its seriousness justify the time and effort being spent on double-checking the security and integrity of our software development and delivery processes? Again, yes. But will any effort to make sure that a similar compromise doesn’t happen again stop such compromises in the future?

Unfortunately, probably not. There are simply too many rich and powerful governments with an interest in making sure that similar compromises will happen again in the future. And this is probably an unintended consequence of the outcome of the crypto wars of the ’90s, but it’s probably one that we’re going to have to live with.

This post is the first of security researcher N4nk3r ph3193's No Security column

Keep learning

Read more articles about: SecurityData Security