Diplomatic encryption system used by Irish government sold by company owned by CIA

AhNowStop

Well-known member
Joined
May 23, 2017
Messages
10,511
If SF ends up forming a government of some sort, how will they deal with MI5/6 moles and the Monaghan and Dublin bombings files? And that's just their first day in office.
It’s mad when you think of it .... will the real “sinister fringe” keep this type of stuff from them :unsure:
 


Orbit v2

Well-known member
Joined
Dec 8, 2010
Messages
12,308

There is more to programming than just the Web.
I'm in the business myself since the 80's and was programming 6502 assembler as a teenager before that. I'd say mainframes and Cobol have much the same amount of jobs today as the 80's whereas the rest of the computer industry has exploded in size. I've said this before, that an extraordinary percentage of the people I went to college with (in the 80's) and who studied stuff completely unrelated from geology to psychology and philosophy have all ended up in the computer business.

If you want to be pedantic and argue that all software has evolved since the 1930's or 40's then fine; it can all be traced back to Von Neumann, in the 1940's, but the point I was replying to was a criticism of the state for using these Crypto machines without adding their own layer of 'super encryption'. I was just pointing out that these devices were not programmable by users. You used them as black-boxes. The poster then went on about the state using programmable computers like PDPs etc. I think it's highly unlikely they were using them in foreign embassies in the 80's.

I think your distinction between encryption and scrambling* is also not a significant one. Scrambling is just a weak kind of encryption in my book. The purpose in both cases is to thwart eavesdroppers, with varying degrees of sophistication.

* though it was me who brought the term up. I just meant it as a weak form of encryption.
 

JacquesHughes

Well-known member
Joined
Feb 16, 2013
Messages
1,300
Are we being informed, or misled?

Recently 'security' pre-occupied think-tanks (from the US) were prominent in publicly warning the UK government and people of the hazards and capabilities of Huawei ('the Chinese Communist Party will read your medical records' is an example of the worrying claims), but the same think-tanks had NOT told us that supposedly encrypted WhatsApp messages were being hacked by governments (some troubled by dissidents) which had bought that service from an Israeli company.
 

NMunsterman

Well-known member
Joined
May 18, 2007
Messages
6,361
It's all a bit of a double-edged sword.

Irish Govt and state officials will assume by default that the US and British Intelligence services are eavesdropping 24/7 (everywhere they want and in all countries) and will behave accordingly.

All this eavesdropping can be used against the intruder by simply deliberately planting misleading information in the knowledge it will be picked up.
 

jmcc

Well-known member
Joined
Jun 12, 2004
Messages
44,835
If you want to be pedantic and argue that all software has evolved since the 1930's or 40's then fine; it can all be traced back to Von Neumann, in the 1940's, but the point I was replying to was a criticism of the state for using these Crypto machines without adding their own layer of 'super encryption'.
You don't know that they did or did not use another layer of encryption. Most diplomatic traffic is sparse and has a structure. Read some of the Wikileaks stuff and that should become apparent.

I think your distinction between encryption and scrambling* is also not a significant one.
The distinction is in the professional use of the terms. With scrambling, the order of the data changes but the data itself does not change. It is still the same data. With encryption, the data itself changes by substitution or other methods.
 

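The distinction drawn in the post above (scrambling reorders the data, encryption changes it by substitution), as an added example that is not part of the original thread: a columnar transposition and a toy affine byte substitution, with a known-plaintext check that tells them apart by symbol counts. The function names, the constructed sample message and the key values are assumptions, and neither transform is a secure cipher.

```python
from collections import Counter

# Constructed sample message (not real traffic).
MSG = b"CONSTRUCTED SAMPLE: MEETING MOVED TO TUESDAY AT NOON"


def scramble(data: bytes, width: int) -> bytes:
    """Columnar transposition: fill rows of `width` bytes, read out column by column.
    Only positions change; every byte value survives unchanged."""
    return b"".join(data[c::width] for c in range(width))


def unscramble(data: bytes, width: int) -> bytes:
    """Invert scramble() by rebuilding the columns and reading row by row."""
    rows, extra = divmod(len(data), width)
    cols, pos = [], 0
    for c in range(width):
        size = rows + (1 if c < extra else 0)  # the first `extra` columns are one longer
        cols.append(data[pos:pos + size])
        pos += size
    out = bytearray()
    for r in range(rows + (1 if extra else 0)):
        for col in cols:
            if r < len(col):
                out.append(col[r])
    return bytes(out)


def substitute(data: bytes, mult: int, add: int) -> bytes:
    """Toy affine substitution on byte values: positions stay, values change.
    `mult` must be odd so the mapping is a bijection on 0..255."""
    if mult % 2 == 0:
        raise ValueError("mult must be odd")
    return bytes((mult * b + add) % 256 for b in data)


def classify(plain: bytes, cipher: bytes) -> str:
    """Known-plaintext check based on symbol counts.
    Same multiset of bytes           -> the data was only reordered.
    Same count profile, other bytes  -> each value was consistently replaced."""
    if Counter(plain) == Counter(cipher):
        return "transposition"
    if sorted(Counter(plain).values()) == sorted(Counter(cipher).values()):
        return "substitution"
    return "other"


if __name__ == "__main__":
    for name, out in (("scrambled", scramble(MSG, 7)),
                      ("substituted", substitute(MSG, 167, 13))):
        print(name, classify(MSG, out), out.hex())
```

Both toys leave the sorted frequency profile of the message intact, which is why neither one resists frequency analysis.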
jmcc

Well-known member
Joined
Jun 12, 2004
Messages
44,835
Not the hardware, but in general a lot of software used in daily life is either an evolution of software written in the 50s or 60s or is actually that same software unedited. Every time you use an ATM you trigger off a sequence of file handling macros which were written in 1962/3. They work.
There's a good book by Phil Greenspun (Philip and Alex's Guide To Web Publishing) that was published in the late 1990s that dealt with the backend for web publishing large sites. At the time AOL was running some of the largest and high traffic sites on the web and that AOLserver software was amazingly powerful. One of the most important points was the fact that airline booking software back then was still using ultra-reliable code from the 1960s. It was, from memory, in the section about the choice of backend database (Oracle was the database of choice for the AOLserver webserver software with its integrated Tcl language.) Tcl as a language dates from 1988 and is used in a lot of devices as it is quite compact. C and C++ date from the 1980s. Then there's FORTRAN, Prolog and LISP which might end up frying brains.

The engagement rules at the levels of major systems guarantee that whatever future developments happen, software must continue to run. No matter what, a system which was running happily in 1970 on what would now be considered to be ancient hardware must continue to run on 2020/2030 hardware. That is what serious systems guarantee.
Speaking of hardware, the launch codes for nuclear missiles in the US were stored on 8" floppy disks up to a few years ago.
 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
6,046
You don't know that they did or did not use another layer of encryption. Most diplomatic traffic is sparse and has a structure. Read some of the Wikileaks stuff and that should become apparent.

The distinction is in the professional use of the terms. With scrambling, the order of the data changes but the data itself does not change. It is still the same data. With encryption, the data itself changes by substitution or other methods.
Indeed. It might also be pointed out that some scrambling systems were more akin, in a way, to stenography rather than cryptography.
 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
6,046
I'm in the business myself since the 80's and was programming 6502 assembler as a teenager before that. I'd say mainframes and Cobol have much the same amount of jobs today as the 80's whereas the rest of the computer industry has exploded in size. I've said this before, that an extraordinary percentage of the people I went to college with (in the 80's) and who studied stuff completely unrelated from geology to psychology and philosophy have all ended up in the computer business.

If you want to be pedantic and argue that all software has evolved since the 1930's or 40's then fine; it can all be traced back to Von Neumann, in the 1940's, but the point I was replying to was a criticism of the state for using these Crypto machines without adding their own layer of 'super encryption'. I was just pointing out that these devices were not programmable by users. You used them as black-boxes. The poster then went on about the state using programmable computers like PDPs etc. I think it's highly unlikely they were using them in foreign embassies in the 80's.

I think your distinction between encryption and scrambling* is also not a significant one. Scrambling is just a weak kind of encryption in my book. The purpose in both cases is to thwart eavesdroppers, with varying degrees of sophistication.

* though it was me who brought the term up. I just meant it as a weak form of encryption.
Of course they were not programmable by the user, but the user owns the output and that can be post-processed in any way they choose.

Jmcc mentioned early systems and I guess he may have had something such as SABRE - the airline reservation system - in mind. This was a real-time system allowing tens of thousands of travel agents remote access to a central repository of flight details and seat availability. It was designed in '57 and went live in '62. It is still going and lives under the covers of Travelocity.

It may or may not have been encrypted. It was probably not considered a candidate for that. However, even at that time banks were using encryption for their external network traffic. Public key encryption was not yet an option so keys were distributed by trusted couriers.

My point is that realtime online processing predates the web by a long time (at least in computer terms).
 

Orbit v2

Well-known member
Joined
Dec 8, 2010
Messages
12,308
You don't know that they did or did not use another layer of encryption. Most diplomatic traffic is sparse and has a structure. Read some of the Wikileaks stuff and that should become apparent.
I think it's unlikely, but it was another poster who said "I would consider them negligent if they weren't using an additional layer of encryption". So, it's really up to that poster to prove that they were.
The distinction is in the professional use of the terms. With scrambling, the order of the data changes but the data itself does not change. It is still the same data. With encryption, the data itself changes by substitution or other methods.
It's one definition, but not the only one. See the first paragraph here:

 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
6,046
I'm in the business myself since the 80's and was programming 6502 assembler as a teenager before that. ...
I had completely forgotten the 650 family. What a piece of kit.

It backs my point up. It used registers and all those things that had been knocking about for decades. Obviously, there were proprietorial differences and some tweaks, but if you could code Assembler on that my guess is that it wouldn't take long to cross over to IBM Assembler.
 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
6,046
I think it's unlikely, but it was another poster who said "I would consider them negligent if they weren't using an additional layer of encryption". So, it's really up to that poster to prove that they were.

It's one definition, but not the only one. See the first paragraph here:

I said "If". I made no assertion that they did or they didn't. There is no burden of proof on me and I stand by my statement.
 

Orbit v2

Well-known member
Joined
Dec 8, 2010
Messages
12,308
Anyhow, that's all off topic. For pig iron, what do we think that governments like ours could do to protect themselves against threats like this, today?

Using public domain encryption software, built in-house or at least by some trusted, local consultancy outfit?

That depends on trusting the hardware you use and the tools used to build the software of course.

What about secure mobile communications? I met someone a while back who doesn't trust the Android OS supplied by commercial vendors and builds and installs his own. I think that is an area worth exploring as smart phone users are completely at the mercy of multiple actors, not least the Chinese government. Again though, you have to trust the hardware, and other fairly opaque components like the baseband stack.
 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
6,046
Anyhow, that's all off topic. For pig iron, what do we think that governments like ours could do to protect themselves against threats like this, today?

Using public domain encryption software, built in-house or at least by some trusted, local consultancy outfit?

That depends on trusting the hardware you use and the tools used to build the software of course.

What about secure mobile communications? I met someone a while back who doesn't trust the Android OS supplied by commercial vendors and builds and installs his own. I think that is an area worth exploring as smart phone users are completely at the mercy of multiple actors, not least the Chinese government. Again though, you have to trust the hardware, and other fairly opaque components like the baseband stack.
It is a very vexed question.

Public domain software has its adherents and at least the source code is available for scrutiny.

The issue with that for financial organisations is that by law all software they run must have support in place, so open source is out. So they buy from companies such as Red Hat, which means that you are squarely in the realm of trusting a company.

The irony is that it is almost a better strategy to have nobody to trust rather than to have to select a supplier.

Multi-factor is possibly one direction. I don't know how that would translate to phones.
 

jmcc

Well-known member
Joined
Jun 12, 2004
Messages
44,835
Anyhow, that's all off topic. For pig iron, what do we think that governments like ours could do to protect themselves against threats like this, today?
Be careful with how data is distributed.

Using public domain encryption software, built in-house or at least by some trusted, local consultancy outfit?
Remember seeing a TV programme on Irish TV years ago interviewing a spoofer from a well-known consultancy firm. He was waffling about how they were factoring prime numbers. :) Public domain encryption algorithms are not necessarily permanently secure. On the professional side of things, security is always considered temporary.

With diplomatic traffic, the players are state level actors with massive resources. This changes the threat model considerably because a public domain algorithm may have a weakness or vulnerability to particular attacks that are not in the public domain. Computationally, DES was considered secure. However, the falling costs of hardware meant that it became feasible for members of the public to build DES crackers. NSA has had its own chip fabs for decades.

Then there is the issue of various public standards and algorithms having been influenced. (Snowden revelations, RSA etc.)
 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
6,046
Anyhow, that's all off topic. For pig iron, what do we think that governments like ours could do to protect themselves against threats like this, today?

Using public domain encryption software, built in-house or at least by some trusted, local consultancy outfit?

That depends on trusting the hardware you use and the tools used to build the software of course.

What about secure mobile communications? I met someone a while back who doesn't trust the Android OS supplied by commercial vendors and builds and installs his own. I think that is an area worth exploring as smart phone users are completely at the mercy of multiple actors, not least the Chinese government. Again though, you have to trust the hardware, and other fairly opaque components like the baseband stack.
To add to my previous response: in my professional situation if I had an answer I couldn't say it out loud without compromising my clients!!

That is moot, though. I don't have a definitive and absolute answer: just the best that I can offer. As jmcc points out, that might not last a long time. The threats evolve and we must evolve as well.

I've never offered perfect security in my career.
 

CatullusV

Well-known member
Joined
Jan 9, 2018
Messages
6,046
Outside the purely technical methods of securing systems there are other issues to address. One of these - possibly the biggest - is behavioural. It's all very well having a security team who are security aware (and that is not a given, btw), but anyone in an organisation who has access at any level to the systems needs to be trained in how to maintain a secure environment. They need to be trained in how to avoid social engineering traps and also what the best practices are.

Another sort of non-technical approach is that of eternal diligence. Ok, it is supported by tooling, but I have seen the growth of the SOC, or Security Operations Centre, over the last few years. They monitor and react to attacks on a 24x7 basis. I've seen reports in one bank of 74k attempted intrusions in one night. If the SOC is located on the same floor as you, you will be aware of their presence as the kitchen area is always a mess.
 

NMunsterman

Well-known member
Joined
May 18, 2007
Messages
6,361
"Ex-diplomat always knew Britain intercepted Irish communications"

For any genuinely sensitive communications from Northern Ireland, couriers were used, Mr Lillis said. “We kept using our technology but we knew it was compromised.”

Officials were also conscious their offices in the Bunker were likely bugged.

“We used to say ‘Goodnight, Cheltenham [the location of GCHQ headquarters]’, up to the lights,” former diplomat Daithi Ó Ceallaigh said at a “witness seminar” in UCD in 2015.
:) :)

 

Kevin Parlon

Well-known member
Joined
Dec 4, 2008
Messages
12,250
Twitter
Deiscirt
It's long been suspected that the US and the UK were intercepting Irish diplomatic communications, but some interesting information has come to light suggesting that not only is it true, but that we actually paid big money for the "privilege".

Reports in The Register and The Washington Post today show that the Swiss company, Crypto AG, which sold expensive equipment for encrypting diplomatic communications was actually owned jointly by the CIA and the West German BND.

The link below contains a suggestion that the Irish government paid a million quid for the devices, only to have them monitored by GCHQ during the sensitive period leading to the Anglo Irish agreement in 1985.

Given Ireland doesn't "do" foreign policy and all of our trade is governed by the EU this is kind of a non-issue. It's an interesting story tho. What is less interesting is Irish baloobas paying over the odds for kit they don't understand and don't need. (latest instalment: the printing press in Leinster house)
 

Kevin Parlon

Well-known member
Joined
Dec 4, 2008
Messages
12,250
Twitter
Deiscirt
security is always considered temporary.
This 👆

Security is interesting (if you're into cryptography/engineering/maths) because it pits extremely (supremely) highly motivated minds against each other. This was, after all, what made the Bletchley Park stories so readable.
 

NMunsterman

Well-known member
Joined
May 18, 2007
Messages
6,361
Given Ireland doesn't "do" foreign policy and all of our trade is governed by the EU this is kind of a non-issue. It's an interesting story tho. What is less interesting is Irish baloobas paying over the odds for kit they don't understand and don't need. (latest instalment: the printing press in Leinster house)

You mean if we had just sat on our hands during the Brexit FUBAR that the EU would have gotten us the border in the Irish Sea in any case - you should have told the lads who broke their melt over the past 3 years and they could have just gone fishing or golfing instead.

Nice to hear that the EU is going to get the Re-United Ireland for us and we can all go fishing and golfing in the interim.

Do you have a date that the EU has decided on for that ?



By the way, do you know how to use a Telex machine - fair play to you if you do.

I worked with a few German and US companies back in the day and the GMs had not the first clue about how to use the Telex machines - nor did they need to, nor did it prevent them from successfully making deals in the millions.

Subsequently, I recall when the first Fax machines came on the market, one of the market leaders had the sales pitch :

"So easy even the CEO can use it".

Of course it wasn't true as most CEOs never used the Fax machine in any case and had their secretarial staff to do it.
 