The capacity for the Internet to route around damage and censorship is dependent on there being multiple pathways for data to be routed. What happens when there are incredibly few pathways, and when many of the existing paths contain hidden traps that undermine communications security and privacy? This question is always relevant when talking about communications, but has become particularly topical given recent events that compromised some of the Internet’s key security infrastructure and trust networks.
On March 22 2011, Tor researchers disclosed a vulnerability in the certificate authority (CA) system. Certificates are used to encrypt data traffic between parties and to guarantee that security certificates are actually issued to the parties holding them. The CA system underpins a massive number of the Internet’s trust relationships; when individuals log into their banks, some social networking services, and many online email services, their data traffic is encrypted to prevent a third-party from listening into the content of the communication. Those encrypted sessions are made possible by the certificates issued by certificate authorities. The Tor researchers announced that an attacker had compromised a CA and issued certificates that let the attacker impersonate the security credentials associated with many of the world’s most prominent websites. Few individuals would ever detect this subterfuge. In effect, Tor researchers discovered that a central element of the Internet’s trust network was broken.
In this post I want to do a few things. First, I’ll briefly describe the attack and its accompanying risks. This will, in part, see me briefly discuss modes of surveillance and motivations for different gradients of surveillance. I next address a growing problem for today’s Internet users: the points of trust we depend on, such as CAs and the DNS infrastructure, are increasingly unreliable. As a result, states can overtly or subtly manipulate to disrupt or monitor their citizens’ communications. Finally, I suggest that in spite of these points of control, states are increasingly limited in their capacities to unilaterally enforce their will. As a consequence of networked governance, and its accompanying power structures, citizens can impose accountability on states and limit their ability to (re)distribute power across and between nodes of networks. Thus, networked governance not only transforms state power but redistributes (some) power to non-state actors, empowering those actors to resist illegitimate state actions.
Your web browser has been programmed to trust certain figures of authority. When you visit your bank’s website, encrypted Facebook pages, secured email accounts, and so forth your browser engages in a cryptographic exchange to establish an encrypted communication session. This session prevents third-parties from intercepting the content of the communications. Establishing this private communication relies on public key cryptography. Under this cryptographic system, communicating parties assume that a hostile third party is trying to listen into the communication and thus only provide one half of the encryption key – the public key – in the clear. Private keys are subsequently used to decrypt the communications. They are never shared.
Many websites rely on certificate authorities to establish this cryptographic exchange. Certificate authorities issue digital certificates that include a public key that web browsers use to initiate encrypted communications with the website. A CA acts as a trusted third-party in any communications process because the visitor of a website (typically) assumes that the issued certificate actually belongs to the website in question. Further, the visitor assumes that only the website’s operator, and no third party, is privy to the website’s private key. Certificates are (ostensibly) only issued when a CA is certain the the individuals requesting the certificate actually run/control the website the certificate would be used at. Unfortunately, it has recently come to light that a CA, Comodo, issued certificates for the following websites:
- mail.google.com (Gmail, google apps)
- login.live.com (Hotmail and other live services)
- login.yahoo.com (three separate certificates for this website)
- addons.mozilla.org (Firefox extensions)
- “Global Trustee”
With these rogue certificates, an attacker could perform a man-in-the-middle attack on each of these websites, meaning that they could act as an intermediary for any communications between the two parties. This attack relies on both parties believing that they are talking directly with one another, when in fact the third party is between them and reading the content of the communications. SSL connections, such as those used by Facebook, Gmail, Yahoo! mail, Microsoft’s Live services, Skype, and Mozilla, are meant to defeat such an attack but this is only possible where authentic certificates are issued. In the case of rogue certificates, this assumption of trust is violated. The EFF is presently suggesting that the ‘Global Trustee’ certificate may permit an attacker to impersonate any domain on the web. By receiving certificates, the attackers are not only able to encrypt communications so that it appears legitimate (using the publicly available public key) but also receive the private key, enabling them to decrypt messages that are encrypted using that public key. In effect, whomever the attacker(s) is, they managed to break the Internet in incredibly significant way by exploiting one of the key nodes of trust in the online world.
Comodo, the CA that fell victim to this attack, is suggesting that individuals in Iran are likely responsible for having compromised a certificate-issuing account. This is based on the significant number of Iranian IP addresses that were used in launching the attack, the need to be a state-level actors to maximally exploit this weakness, the focus on communications websites instead of financial sites, and the Iranian government’s recent efforts to undermine and block encrypted communications. Comodo also believe that the attack was preplanned based on the attackers’ rapid generation of certificates for the above mentioned sites.
It should be noted that while it is a plausible theory that the attacker was Iranian, this is not the only possibility. Robert Graham, at Errata Security, quickly noted that the security industry,
has a flaw in it’s critical thinking process. When something happens, we try to fit it into the story of the day. For example, when Slammer first hit, everyone thought it was a DDoS attack, because DDoS was the major story of the day. Similarly, with the transparent proxying in Tunisia and political unrest throughout the Middle East, that becomes the dominant story. Any crumb of evidence, such as one of the addresses being located in Iran, is suddenly magnified to become the most important piece of evidence. In fact, it’s one of the least important pieces.
Thus, while Iran remains a likely suspect it is challenging to definitively ascribe blame of this attack to any actor without additional information.
What can be done with this information?
A considerable amount of intelligence gathering today depends on signals collection. In a digital world, this sees attackers survey networks of communication to identify the flows and types of communicative traffic between nodes (actors) that are communicating with one another. This approach was adopted during the second world war because communications were sufficiently encrypted that many couldn’t be decrypted in time for the message content to be useful. Since then, signals intelligence has proliferated alongside the the growth of strong encryption. Most recently, national security agencies have either invested in social media tracking tools or are having members of the government advocate on their behalf to acquire those tools. Such efforts are in addition to ECHELON, the NSA’s wireless wiretapping, and GCHQ’s drive to deploy deep packet inspection systems through ISPs’ networks. In short, signals intelligence is important in identifying key nodes in communications network, for understanding relationships between nodes, and for determining which nodes are sufficiently important to subvert them for content analysis.
In the case of the certificate compromise, an attacker can access the network that people communicate with and the content of their communications. Thus, a network analysis could be performed on a wide range of email, Facebook, and Skype accounts that were compromised, correlating address books and frequency of messaging to identify key nodes in a communications network. Having identified those nodes, and other key points in a communications network, the attacker could take the time to analyze the content of those communications and develop intelligence about the particularities of those communicators. In essence, breaking the CA trust system permits the mapping individuals and then investigating key individuals participating in the network.
If the attacker is, indeed, the Iranian government then dissidents who have used electronic communications have a right to be concerned. Google and Skype both provided encrypted means of communication to enable dissident communications, though Iran has a history of disrupting encrypted communications provided by Google, Yahoo!, and others. By actively undermining the trust relationship between Google et al. and their users, the government could theoretically permit dissidents access to ‘encrypted’ communications channels whilst listening into what was being said at the same time.
It must also be noted that, even though the attack has been identified and measures taken to remedy the problem, that this does not solve underlying problems. This is noted by Jacob Appelbaum, who writes that
an attacker who is able to [man-in-the-middle] SSL/TLS will also [man-in-the-middle] the [Online Certificate Status Protocol/Certificate Revocation List] requests. Moxie’s sslstrip demonstrated that an attacker would do this automatically and his software has done this for OCSP in public since 2009. Mozilla did not fix this issue at the time and they have once again punted on the issue. An even lower tech attack is possible and it’s why revocation does not work: By returning a HTTP 500 error, the browser will the continue on as if revocation checks showed the certificate to be perfectly fine.
This means that if web browsers are not updated (updates will include blacklists for fraudulent certificates) an attacker can convince a web browser that a faked certificate remains legitimate because the browser can be prevented from checking the validity of its current certificates against CAs’ lists of revoked certificates. Of note: if the “global trustee” certificate is, indeed, used to sign any domain it means that the attacker could successfully trick web browsers that navigate to any SSL ‘protected’ website. Thus, if a government is responsible for this action, it could follow dissidents to alternate encrypted channels that rely on a CA and continue to eavesdrop on the content of communications.
Hierarchy of Control
The Internet was designed to be a trusting network, and that trust is routinely exploited today. As a trusting network, a hierarchy of authority makes sense: there are simply some parties that you should always trust. When the Internet was still young there were personal relationships between users and those ‘in control’ of aspects of the system. Since the 80s and early 90s, however, hundreds of millions of people have come online: it’s no longer practical to call up a friend or file a quick support request to guarantee that a site, certificate, or other element of a hierarchical trust network is working properly. To demonstrate the problems related to the hierarchy of control/trust, let’s briefly consider the Distributed Name System (DNS) in addition to certificate authorities.
The DNS hierarchy correlates human-readable domain names to the Internet Protocol addresses that actual identify servers and communicating nodes on the network. Compromising the DNS by redirecting human-readable names to false IP addresses is a tactic used by the US government, and even less scrupulous attackers, to censor communications transmissions and inject malicious code onto individuals’ computers. There are some suggestions on how to combat low-level attacks.
One suggestion is to replace the present DNS infrastructure with DNSSEC, a secured version of the DNS protocol that would guarantee that domain names correctly resolved to IP addresses. Per Landau, DNSSEC provides two things:
- Source authentication: A DNS resolver can verify that the information it received originally came from a DNS authoritative nameserver (one that the DNS resolver can “trust”).
- Integrity verification: A DNS resolver can determine that the information it has received from the DNS nameserver has not been tampered with during transit from the original authoritative nameserver (2011: 60).
Unfortunately, DNSSEC depends on all nameservers in the DNS lookup chain being DNSSEC-enabled; if there is a break in this chain then the chain of authenticity cannot be trusted. We can imagine an authoritarian regime that controls DNS lookups refusing to join the DNSSEC system and thus its citizens would never enjoy the chain of trust. Further, if you cannot trust the root nameservers (as is the case with all .com, .net, and other top-level domains in the face of American abuse of the root nameservers) then the chain of trust envisioned by DNSSEC is impossible to establish or maintain. Thus, even were DNSSEC implemented today state-sanctioned abuse of the DNS hierarchy might not be prevented. There are also discussions of abolishing the DNS hierarchy entirely, replacing it with a horizontal, distributed, DNS system. Horizontal DNS systems are in their infancy, however, and can’t be expected to alleviate concerns about DNS abuse anytime soon.
Certificate Authorities are another point of trust in the trust hierarchy of the web but, as demonstrated by both Comodo’s security breech and the inability of web-browsers to effectively notify end-users of revoked certificates, CAs are also not to be trusted. As Chris Soghoian and Sid Stamm write in their paper “Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL” governments in the West can compel certificate authorities to produce false SSL certificates that enable government surveillance efforts. This attack can be performed in such a way that few end-users would realize that they were being provided a modified certificate for a secure website. As a result we shouldn’t only fear how repressive governments invade private, encrypted, communications but be even more worried about so-called democratic governments that can secretly compel the largest Certificate Authorities in the world to issue forged certificates for government surveillance and wiretapping purposes.
States Adapt, Not Abandon, Sovereign Power
While optimists in the early 1990s hoped that the Internet would lead to an era where individuals were largely free of state censorship and control this has not been the case. Censorship and the mediation of data flows are prevalent actions that take place around the world by public and private actors. This said, we needn’t adopt Goldsmith and Wu’s (2006) strong thesis that the Internet is being ‘bordered’ by nation-states, with such bordering degrading the Internet’s democratic potentialities. We might instead adopt Cowhey’s and Mueller’s (2009) more moderate thesis, that the Internet is mediating states’ modes of governance; states are being forced to exercise influence to shift flows of power in today’s networked governance environments instead of dictating the direction of flows. While this isn’t a new mode of directing power relationships, it is significant that clear-cut expressions of sovereign power encompass increasingly small spectrums of society; even in the face of revolution states must negotiate with international organizations on topics such as telecommunications, finances, and human rights. States are increasingly unable to just ‘retreat’ into their borders and act without grievous consequences to their economic and political well-being.
Today’s networked state is “characterized by shared sovereignty and responsibility between different states and levels of government; flexibility of governance procedures; and greater diversity of times and spaces in the relationship between governments and citizens compared to the preceding nation-state” (Castells 2009: 40). Where the state strongly influences the necessary nodes for digital communications, such as ISPs, they can dictate conditions that must be followed to behave as a node. In Iran, we see this through ISPs’ requirements to comply with government censorship and complicity in state surveillance efforts. The newly networked state is vulnerable, however, to acts of resistance that block the switches responsible for connecting nodes throughout the network – if command and control cannot be communicated between points then the exercise of networked power is significantly reduced. Thus, surveillance capabilities that are disaggregated across a spectrum of actors are only effective in their roles if they can correlate and act on their findings somehow; should the communications networks required for such sharing be closed or rendered transparent to the public a state’s surveillance capabilities are compromised.
In the case of Iran and its most recent actions, we might question the adequacy of some surveillance scholarship to effectively classify state surveillance programs. While arguably true that surveillance is intended to “precede the event” and “code” bodies across ambiguous spaces and times (Lyon 2003) the intensity of personal surveillance directed at individuals suggests that we must be wary of making strong claims about surveillance technologies. In stating that “[s]urveillance technologies do not monitor people qua individuals, but instead operate through processes of disassembling and reassembling. People are broken down into a series of discrete informational flows which are stabliized and captured according to pre-established classificatory criteria” (Haggerty and Ericson 2007) it is important to acknowledge that the networked state can express power in ways similar to the sovereign state. While the repressive networked state operates through an assemblage of techniques, variety of nodes, and acts according to networked governance principles, it may remain intensively interested about individuals. Rather than monitoring flows for information abstracted from individuals, the very intention of examining flows may be to become better ‘acquainted’ with individuals. Indeed, when participating in a network requires authenticating against a subscriber database (the case for many digital connections) a digital surveillance system may begin with the individual and ‘simply’ correlate flows to that individuals and parties the individual is associated with. Where this is the case an individual’s identity operates as the key orienting factor of surveillance instead of being a secondary facet of the monitoring process. In effect, while the network state may change its techniques of surveillance we should avoid stating that altering technique means that models of data aggregation and the intentionality driving surveillance are necessarily also altered.
The operation of extensive Internet-based surveillance facilitated by networked governance underscores Galloway’s argument that control and surveillance have operated at the heart of the Internet since its beginning (Galloway 2004). While true that the manifestations of control are variable, variability alone does not negate the fact that protocological analysis and control are located at the heart of contemporary data networks. Today we see efforts to weaken control by separating and ‘freeing’ the physical, logical and content layers of the Internet (Benkler 2006; Wu 2010) but not all state governance models are receptive to such a distinction, to say nothing of the liberation associated with Benkler’s compassionate liberalism. This is especially the case where the state is hostile to having its power disagregated, and is actively invested in transitioning as many of its sovereign capabilities to its newfound operation as a contemporary networked state. The willingness of states to adopt a separation thesis is perhaps best revealed when considering their attitudes towards the Internet’s hierarchical points of control: where governments resist horizontal network (re)development and instead support ‘better secured’ vertical networks we can intuit a residual desire to retain traces of classic sovereign power. It should be noted, that neither Iran, nor the United States government, nor the European Union, is seriously committed to reshaping the certificate authority system or moving towards a distributed DNS system that is resistant to state-sanctioned influence and interference.
So, what are the solutions to disrupting the networked state? Hardt and Negri (1999) argue that nomadic actions – those which quickly emerge and then recede into the noise of society – provide a means of hindering the globalized, networked, state. Indeed, as the state responds and reforms itself in responding to nomadic disruptions the nomads display their power to reconfigure facets of the state and its accompanying institutions. Civil advocates such as the Electronic Disturbance Theatre suggest that DDoS attacks that digitally mirror sit-ins can weaken the nodes of influence and control that networked governance regimes rely when exercising their power. Further, the networked state is situated within global networks of power and thus regularly struggles with external governing agents to assert its preferences. This affords dissidents with another avenue to affect change on the state: they can act upon repressive states through the international networks that repressive states hold membership in. Finally, authoritarian regimes and democratic states alike, along with their technical talent, must now confront well resourced multinationals, NGOs, and private citizens who may oppose the state’s governing influence. The capacity of these non-state actors to interrupt the state’s governance functions that are reliant on digital networks is a more significant threat today than it was a decade ago, and this new vulnerability affords new opportunities to disrupt the routines of power that constitute the networked state’s capacity to act. In disrupting the very points that afford control – the DNS, CA networks of trust, and the like – and by implementing competing non-hierarchical alternatives to current vertical power networks, states’ powers can be further disaggregated and their sovereignty made increasingly accountable to the world’s networked citizenries.
Y. Benkler. (2006). The Wealth of Networks: How Social Production Transforms Markets and Freedom. New Haven: Yale University Press.
M. Castells. (2009). Communication Power. Toronto: Oxford University Press.
P. Cowhey and M. Mueller. (2009). “Delegation, Networks, and Internet Governance” in
K. Haggerty and P. Ericson. (2007). “The New Politics of Surveillance and Visibility” in K. G. Haggerty and P. Ericson (eds). The New Politics of Surveillance and Visibility. Toronto: University of Toronto Press.
M. Kahler (ed.). Networked Politics: Agency, Power, and Governance. London: Cornell University Press.
J. Goldsmith and T. Wu. (2006). Who Controls the Internet? Illusions of a Borderless World. Toronto: The Oxford University Press.
S. Landau. (2011). Surveillance or Security. Cambridge, Mass.: The MIT Press.
D. Lyon. (2003). “Surveillance as social sorting: computer codes and mobile bodies” in D. Lyon (ed.). Surveillance as Social Sorting: Privacy, Risk and Digital Discrimination. New York: Routledge.
A. Negri and M. Hardt. (2000). Empire. Cambridge, Mass.: Harvard University Press.
T. Wu. (2010). The Master Switch: The Rise and Fall of Information Empires. New York: Knopf.