Tuesday, August 18, 2015

Encryption Services For The Digital Spying Age

There ought to be a lesson for anyone in any public venue: No unencrypted communication. Bridgegate? A jumble of meaningless letters. Hillary's server: "Well, it was all end-to-end encrypted so even if the server's contents was compromised, they wouldn't GET anything." Even the records in the OPM and IRS databases should have been encrypted.*

Today The Omnivore will talk about a burgeoning field: Encrypted chat.

The Case For Encrypted Chat

In terms of digital communication there are a few basic venues. These are:

Used For
The Problem
Most common means of communication in corporate world. Integrated into every platform. Searchable, organized into conversations.
Hangs around FOREVER. Multiple back-ups. Protocol is NOT secure.
Text Message
Asynchronous communication for mobile devices (the user may get at any time--not necessarily a real-time conversation).
Remains on mobile devices after “deletion.” Accessible by subpoena from carrier services.
Computer Chat
Synchronous real-time communication. Not as persistent as email or text (servers are not necessarily owned by gov-friendly carriers).
Susceptible to interception, security is often questionable. Requires a persistent data-connect.
Specific apps can be used for discussion. These mirror either text or chat, usually (less so the heavy-weight email).
Messages persists on servers no matter what they tell you. Lack of trust in non-secured apps.

For someone trying to, say, organize a bridge shutdown--or disavow lying about Benghazi/taking Russian pay-offs, Email is the worst way to handle those communications. It is, however, the way everyone does them. Public key encrypted email has been around forever--but it has to be integrated into the email tool.

The Omnivore thinks that encrypted chat is where secure coordination ought to go. This is because:

  1. It is generally real-time. This encourages conversations where specifics happen and decisions are made in one specific window. As such, the aperture for compromise is smaller.
  2. It is at least theoretically easier NOT to leave records on your device. 
  3. If all parties can get the same encryption working, there will be little a third party can do to compromise your communication without compromising your device.
  4. Chat can--or at least should--be able to take advantage of anonymizers like VPNs or TOR without having to do much extra (unlike, say text message or iOS/Android apps).

Before Looking Directly At Chat

If you are an elected official who is using private email for questionable purposes (or just don't want your communications reviewed by an enemy press-corps) before delving into chat you should look at the following applications:
  • A Chromebook. This is a hard-to-compromise laptop that runs Chrome OS. It can be Power-Washed (a full reset) and then restored to full functionality in a matter of minutes--less than a minute, really. This should be your go-to device for communication. And that's YES: knowing Google is easily accessed by the government. The device can be Power Washed at the end of every communication session so that if it is taken, it will be a "as new" clean machine.
  • Google Chrome VPN Applications. There are free ones--but if you are serious, invest in a VPN.
  • Google Chrome file encryption applications. You can save data on your computer with fairly good encryption. This should be done for any maintained data.
  • GMail encryption. Possibly other web-based email encryption. There are several of these extensions and they will provide increased security for email.
  • Do all your work in anonymous incognito mode.
  • Remember your (strong) passwords. Don't use a manager, don't write them down. DO NOT RE-USE.
  • You can use the Hush Application for maintain sets of links to the services (email, chat, etc.) you use (private bookmarking in incognito mode). NOTE: The links are NOT shared between the user's Chrome instances (unlike other Chrome customization) making it ideal for keeping links on a singular device.
  • When possible, in conversations, use code-words and then retire them. It isn't operation Shut-Down-The-George-Washington-Bridge--it's Protect-My-Benghazi-Weapons-Running-Scheme. If the prosecutors get their hands on a transcript, they'll just be confused.
Okay? If you're going to shut down a bridge or go all Game of Thrones on someone--but need email coordination to do it--this is your starting configuration. Now ... chat.

The Problems With Encrypted Chat

So encrypted chat has some specific problems that come with it--specifically:
  • Some kinds of chat don't work across different OSes. For example, an Android Device chatting to a Chromebook is devilishly hard to get compatible software for (yes, if everyone is using a Chromebook, you avoid this--but in real life, not everyone will--or not everyone you need to coordinate with is part of your "team" and you still want secure communication outside of your team.
  • Some kinds of chat require specific apps which could raise suspicions. Ideally, if your device is ever taken you don't want anyone even knowing you were having communications--much less secure ones--and far less with who.
There are a lot of great apps like ChatSecure (doesn't work on a Chrome book) or Google Talk with OTR (OffTheRecord) encryption (doesn't work on a Chromebook) or CryptoCat (doesn't work on Android)--and so on. What we are focusing on here is going to be encrypted chat services you can access from a web-page. This, combined with Incognito, a VPN Anonymizer, and/or TOR, should provide you with maximal deniability and maximal protection--if the service works as advertised.

NOTE: To determine if the service works as advertised you need to have someone you trust (a) review the code, (b) review the infrastructure, and (c) keep tabs on it going forward. This isn't going to work in real life so The Omnivore is going to go with "you've got to trust someone somewhere" and more or less take these guys at their word.

Chat Service
ChatCrypt: a web-based, IRC-like chat-room. You have a room name, a password, and a username.
It claims to use AES encryption from the client browser and HTTPS for the service. As such, the communication ought to be both secured from intercept and impossible for anyone but the owner to read.
It displays ads in the chat room plus we don’t know anything about who owns it (or, at least. The Omnivore doesn’t). This raises questions about trust and makes it less suitable for corporate use.
This is probably a good choice for fast, light-weight discussion.
Cyph: Web-based crypto-chat with digital signing for the keys so you should be able to tell if their servers get “pwned” (their term). Support for files and video--all encrypted. Uses an improved version of the “Castle Protocol” --a modification to OTR. When you “log in” you get a link (good for 10 min) to share with others. In chat you are “me” and “friend.”

Cyph generates pop-up alerts when someone messages--which is great if you are looking at other web pages.

Cyph also has a good formatting/mark-up language which is more useful than you might think.
Seems extremely secure. It’s founded by two ex SpaceX engineers so, if true, they seem unlikely to be sifting anonymous conversations for black-mail. While creating the keys takes a few moments, it seems fast and responsive.
The background of the entry page has dramatic shaky-cam pictures of WARNINGS and CONNECTED screens and someone--presumably a hacker … This, of course, isn’t professional--but it’s acceptable. Their whole vibe is fairly hip (you can click for cypther-text and ‘be amazed’--try it. The background is purple (may offput some) and you can’t change your names. NOTE: The whole thing is in beta so all of this is kinda meaningless right now.
This is The  Omnivore’s preferred service. They were very responsive to a bug-report on Twitter.
Animalous: a clever service signs you in as an “animal” (Pink Lion, Blue Seal, etc.) and gives you a very secure chat that handles video, audio, and file transfer as well. NOTE: Animalous beats Cyph in the login-category. It gives you a link AND a short six-digit code (also good for 10 min). Thus, if someone is waiting at the site you can just tell them the code voice and they can punch it in--you don’t have to send a link. Also, when someone joins your room, you get a notification that some animal wants to join and can accept or refuse. This stops unknowns from “wandering in.”
Animalous uses two-layer encryption (HTTPS and AES-GCM). This appears to be a public/private key system with secure exchange. Furthermore, their servers are housed in a bunker in Sweden which would make them harder to get to.
It may be the server-location but the speed of Animalous seemed too slow going from Nexus to Chromebook over time. Slow enough to make The Omnivore look for other solutions. There was also a problem with periodic sign-outs.
Animalous and Cyph play in the same space. Animalous is slightly more polished--but the speed factor and disconnects are a problem.
Encrypted Chat: advertised on the chrome store, it is a basic web-page with the Room, Nick, and Password schema. It is a very clean basic interface which is fast and responsive.
It uses AES and HTTPS. You can view the source code if you want (good luck)
The system seems to be based in Russia. Which is suspect on the face of things.
While a good option, it is not showing ads like ChatCrypt but does not have the security or features of Animalous or Cyph. It is light-weight. The Russian thing is probably not a real issue--but you never know..

Of these, The Omnivore would currently pick Cyph--once it is out of Beta, it could be the best of the lot.


Encrypted communication between disparate devices was actually much harder than The Omnivore expected. This might answer the question: "Why don't more people do this?" It also points out the problem that normal people can't determine if something is really safe. The Omnivore is pretty technical--but reviewing AES source-code is a specialty. Reading about the Castle Protocol or understanding digital signing is also beyond most users in terms of understanding specific vulnerabilities or knowing what to look for if you are being lied to.

On the other hand, any amount of this would probably have helped the political exposure we see when it comes to inquests or data-breaches.

* Yes, SOME compromises would get the clear-text--but a lot wouldn't. This could greatly complicate intrusion strategies and mitigate losses.

No comments:

Post a Comment