Cory Doctorow
Mar 30 29 tweets 7 min read
Back in '94, @BillClinton signed #CALEA, mandating that all voice-capable switches include a "lawful interception" backdoor that would let cops listen in on phone calls without having to actually physically access the switch itself.

en.wikipedia.org/wiki/Communica… 1/
If you'd like an unrolled version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2022/03/30/law… 2/
CALEA came with three promises:

I. The backdoor would only be used by cops;

II. They would get a warrant first;

III. It would only apply to voice traffic, not the internet.

All of these promises were lies. 3/
Anyone who's ever watched a detective show where a PI says, "I have a cop who can run that license plate" knows that if you give cops oversight-free, unaudited access to a database, you're also giving access to anyone any cop owes (or sells) a favor to. 4/
When CALEA passed, its opponents warned that a "voice capable" switch would soon be indistinguishable from an "internet" switch. 5/
Less than a decade later, the FBI successfully argued that all internet switches were now capable of carrying voice traffic, so they, too, must have CALEA backdoors. 6/
That didn't just expose Americans to surveillance by cops, their friends, and anyone who gained access by pressuring or impersonating a cop. Vendors installed CALEA backdoors in all their switches, to ensure that they could access the US market. 7/
These backdoors made their way into countries *without* CALEA mandates, where they were abused. 8/
Most notoriously: the Greek government and prime minister were wiretapped in 2004 in order to sabotage the Greek Olympics bid. Greece doesn't have CALEA on its law-books, but it *did* have CALEA-compliant switches in its telephone network.

schneier.com/blog/archives/… 9/
Any time you mandate "extraordinary access" to an otherwise secure system, you create an opportunity for exploitation by criminals, spies, and snoops. 10/
Take the "Emergency Data Request" (#EDR), a US system that allows cops to demand warrantless access to your online account data. 11/
This is supposed to be used in white-hot emergencies, like kidnappings or Jack Bauer-style hypotheticals where there's a ticking bomb and only warrantless access will let you defuse it. 12/
By their nature, EDRs are meant to be obeyed without a sanity-check or other verification. When a provider gets an EDR from a cop, they're supposed to hop to, because the alternative might abet a murder or other grave crime. 13/
If a provider thinks an EDR is legit, they'll honor it. But with 18,000 US police agencies, there's no way to validate an EDR *a priori*, and if just one of those police agencies suffers a breach, anyone who can exploit it can issue their own EDRs. 14/
Ever hear of LAPSUS$? That's the notorious hacker gang (apparently helmed and operated by teens) that has been on a planetary rampage, stealing and dumping sensitive data and blackmailing governments, corporations and individuals.

wired.com/story/lapsus-o… 15/
LAPSUS$'s methods were a mystery, but now @briankrebs sheds light on how the gang pulled it off: they impersonated cops, issuing EDRs to service providers, who *just handed over data* they used to break into agencies, companies, and personal accounts.

krebsonsecurity.com/2022/03/hacker… 16/
In 2021, a criminal connected to LAPSUS$ - a 14-year-old who used the handle Everlynn - advertised EDRs from a real law-enforcement agency, and sold this capability to would-be hackers for $150.

Everlynn understood something that the creators of EDRs did not. 17/
In their sales pitch, they wrote, "This is very illegal and you will get raided if you don’t use a vpn. You can also breach into the government systems for this, and find LOTS of more private data and sell it for way, way more." 18/
Everlynn's identity was revealed by a dox attack allegedly launched by "White," a founder of LAPSUS$; they were colleagues in an earlier hacking group called Recursion Team. 19/
White, in turn, was allegedly outed by the staff who worked under him at a site called Doxbin, who were upset that White's mismanagement exposed the site's user database. 20/
These children aren't criminal mastermind prodigies, in other words: they're normal, fallible people, who nevertheless gained access to EDR facilities that compromised governments, corporations and individuals around the world. 21/
Everlynn isn't the only bad actor using EDRs to compromise accounts. One of Krebs's sources, who goes by KT, reports that this is a common tactic, and the go-to pretense is "Terroristic threats with a valid reason to believe somebody’s life is in danger." 22/
Among the targets successfully compromised with this tactic is Discord, which was induced to reveal sensitive user information in less than 30 minutes. 23/
Discord admitted to Krebs that it had been fooled: "we later learned that [the law enforcement account that sent the EDR] had been compromised by a malicious actor." 24/
How do bad actors gain access to police emails? The same way they gain access to any service: compromising the website and installing a reverse shell; guessing passwords; or recycling passwords breached from other services. 25/
Krebs's expert sources are pessimistic about the possibility of fixing the EDR system. Former DoJ prosecutor @mdrasch told him that "spotting unauthorized EDRs would require these companies to somehow know and validate the names of every police officer in the United States." 26/
UC Berkeley's @ncweaver told Krebs that securing EDRs is "a fundamentally unfixable problem without completely redoing how we think about identity on the Internet on a national scale." 27/
This is a lesson as old as CALEA - if you create a backdoor that tens of thousands of people can access, then you create a backdoor that anyone can access, because it's impossible to prevent the impersonation, subornation, or corruption of that many people. 28/
Image:
Paulo Valdivieso (modified)
flickr.com/photos/p_valdi…

CC BY-SA 2.0:
creativecommons.org/licenses/by-sa… 29/
