Hacker, cryptographer or psychic. Ordinary magic

On the brink: the art of crypto hacking or magic

In 2007, in California, at the request of the state authorities, during the election campaign, several strong hacker teams were assembled during a short period of time, who analyzed the applied systems of electronic voting machines and, oh, the “horror”, showed the monstrous weakness of each of them. It is striking that for more than a decade of using computer systems in the elections of the supreme political power in the United States (nominally the most democratic country in the world), the voting equipment has not been officially subjected to comprehensive, independent security audits. Manufacturers provided complete documentation, in-house technical descriptions and program source code texts. The term for research was limited to three weeks, but it turned out to be quite enough to demonstrate the weak protection of all electronic voting systems from abuse and manipulation of votes.

The results conducted by attracted computer security professionals from various American universities, in which reputable information protection laboratories are located, have not pleased. Although the intentionally embedded "back doors" in the codes of any of the programs have been identified.

For example, when important access passwords in one system do not change at all and are sewn into the program code, and in the other are calculated by a simple algorithm based on the serial number of the machine, the attacker does not need any backdoors, since he can easily enter through the front door.
')
Holes of protection, as shown by hackers, allow, for example, before the election starts to replace the official memory card with a “left” pre-programmed redistribute all votes cast in favor of one candidate, or simply transfer votes between candidates, if there are only two. Or, for example, in another case, it is shown that weakness in protecting the system allows an attacker to transform the official, already activated voter card into a smart card that provides, roughly speaking, “throwing in false ballots”, i.e. adds to the account an arbitrary number of the required votes. The reports prepared by hackers listing various weaknesses of voting machines occupy many dozens of pages. According to the results of these tests, some systems are already deprived of certificates issued earlier, which give access to elections, others are sent for urgent revision and re-certification.

However, according to experts in the field of information security, who studied the problem, all these machines have security subsystems as an additional extension, and not the foundation on which the architecture is built. Therefore, to make them really safe construction is impossible in principle. For, as experience shows, any new patch-patch always carries with it the potential threat of new weaknesses, and no one has yet succeeded in putting an end to this vicious patch series for patches.

A cryptographer, professor of computer science at the University of Pennsylvania, led the most numerous of the hacker testing teams in California. And so, we smoothly approached the moment of the story about the researcher Matt Blaze, well-known in cryptographic circles.

Matt blaze

Matt Blaze, being not a psychic, in 2007 took the "Randy challenge."

"Calling Randy"

Not! to magic, magic, extrasensory ... - point of view of the inveterate skeptic. The brightest representative of this category of humanity is illusionist magician James Randy. By his old age, he was “fed up with deceiving the audience with false miracles and tricks,” and he decided to devote the next part of his life to exposing all sorts of “paranormal”. Being a professional magician, he is not familiar with the technology of tricks, and for him people who call themselves magicians, parapsychologists, psychics, clairvoyants, shamans, "sorcerers" who predict the future, "correcting karma" actually do the same. , which he did almost all his life — they simply staked off. He became the creator of the James Randy Educational Foundation or, briefly, JREF. The Foundation is engaged in investigating and demystifying all sorts of “magic.” The goal is to instil in people the basics of critical thinking , skepticism and scientific methods of analysis.



A prize of $ 1 million was announced to anyone who demonstrates his supernatural abilities in a reliably controlled experiment. For several decades, many "magicians and wizards" were trying to get a rather big prize, but nobody managed to prove their "magic" under the strict conditions of scientific testing of JREF.



This continued until 2007. Approximately 50 people a year filled out applications, but, in fact, only a few people per month tried to pass preliminary tests. This is where the wonderworkers' journey ended in this test.
From among the contenders, one cannot ignore Natasha Lulova - if only because she is our compatriot.

Newspaper "On the Edge of the Impossible", No. 25 (304), 2002:

The Russian ten-year-old girl, who, incidentally, has been living with her parents in Brooklyn in New York for three years, accepted the challenge of the inveterate skeptic and decided to demonstrate to the whole world that she was eligible for a million dollar prize. For this, Natasha had to prove that she could blindly read and distinguish colors. And Natasha appeared in Randy's Manhattan office — with her mother, a lawyer, and an “instructor” named Mark Komissarov — also from Russia who was a chemical engineer at home.

So, the video cameras are turned on; Natasha's mother, Olga, is tying her eyes with a special bandage with pads of black rubber sponge. For almost a full hour of “warming up,” the instructor, sometimes talking to a girl in Russian, puts in front of her sheets of colored paper and a series of cards, each of which has a simple word printed on it. Natasha is tense, nervously twisting her head from side to side, sometimes rubbing her chin on her shoulder, leaning forward. Grimaces distort her face. But the color and the word calls true. Finally, she announces that she is ready for the experiment.

Now Randy's assistants get down to business. The girl is asked how many ten words she supposes to guess. “All ten,” Natasha says confidently and then proves it in practice. Similarly, she confidently and correctly identifies the color of each of the sheets of paper. When the blindfold was removed, Natasha could not hide her triumphant smile.

Miracle? Do not hurry. Now James Randi himself will test the girl’s extraordinary abilities.

Under the goggles of those present, he gives Natasha a pair of glasses like those in which swimmers dive, but the lenses of the glasses are covered with a rubber sponge and aluminum foil. Under the watchful eye of Randy, Natasha again successfully proves her superpowers.

The inflexible Randy complicates the experimental conditions. He tapes the edges of the glasses around the entire perimeter. Natasha still answers correctly. Then he sticks another additional strip of opaque film across Natalia's nose bridge. “Please speak only English,” warns researcher instructor Komissarov and his student. “Natalia, do not rub your face against your shoulder and do not stretch your neck.” Such movements, as Randy knows very well, are usually intended to gradually loosen the tension of the adhesive tape.

But what is it? Natasha's extrasensory abilities suddenly disappear completely, “evaporate”! Again and again she fails the experiments - one by one. She is no longer able to identify either a word or a color.

After an hour of unsuccessful attempts, the girl’s lawyer admits defeat. Natasha is crying. She has an ash-gray weary face and the lost eyes of a hunted cub. What's the matter?

Randy's explanation was simple. Initially, the experiments were successful, but the skeptic researcher was still internally convinced that this was just a trick. He began to look for a clue. And, in the end, he noticed the girl's unusual concavity of the nose. It was then that he suggested that when turning and tilting her head, Natasha uses a tiny gap between the dressing and the bridge of her nose with a hair to look to the left with her right eye, and to the right with her left. Gluing the girl’s nose with a film, Randy, if I may say so, blocked the gap. And exposed the deception conceived by Natalia (and Komissarov). So - already in 2002 - another myth collapsed. One of hundreds.

Hacker analyst Matt Blaze became interested in the competition, only "... for the reason that the JREF - in order to warm interest in their competition - decided to attract a rather fashionable theme among the public cipher."

The test conditions were as follows: In a safe safe at JREF headquarters, Randy hid a special item in a sealed form and announced that he would give the millionth prize to someone who, with the help of his wonderful gift, correctly guessed and described what item was in the cache.

To eliminate the scam of skeptical James Randy, he published a kind of “digital commitment” in which he described this thing in encrypted form. This code looked like this:
0679
4388
66/27
5 -14



For the hacker-cryptographer Matt Blaze, these numbers turned out to be quite enough to completely accurately guess and describe the object hidden in the JREF safe without being a “wizard”. With just the exertion of his mental abilities, he won a million dollar prize. True, Matt Blaze refused the prize. He showed that "... the art of hacking and cryptography is really on a very thin line between ordinary and supernatural. Therefore, even when every single step of the analysis can be rationally explained, the final picture still looks amazing - like a miracle."

For a gifted hacker, even a minimal leakage is enough to compromise the entire system. After thinking for a while on this puzzle, Matt suggested that the first 10 digits could mean ISBN, the standard international book number. And the truth is there is such a number - “0-679-43886-6” in Webster’s educational dictionary, released by Random House in 1995 (I found this book in the library, although, according to him, this was the most difficult part of the task). The next three digits after the slash separator (27 5) were assumed to be the page number, and the last two (14) the line number. The coordinates brought Blaise to a dictionary entry defining the term “compact disc.” In the safe was really hidden CD.


Matt Blaze and John Young

www.crypto.com is Blaze’s personal website (with a spectacular address). In 1993, he defended his thesis on Computer Science in Princeton and seriously took up the problems of protecting information in Internet protocols. From 1994, he worked in the AT & T giant corporation, where he was engaged in data protection. After working there for 10 years, in 2004 he left the company and began teaching at the University of Pennsylvania. As early as 1994, he became known, one of the few was allowed to analyze the Clipper-chip telephone coder, developed by the US National Security Agency.

The Clipper-Chip Encoder is a device (1990) for widespread adoption in telephones. On the one hand, such a device gave citizens the opportunity for confidential communication, and on the other, it gave the federal government a special access key that allowed it to listen to any encrypted conversation without any problems.



After studying the device, Matt Blaze, manipulating its parameters, introduced the encoder to a mode of operation when the authorities' special key was useless and did not give access to a secret connection. For ordinary citizens, this would be the state’s invasion of privacy. After that, the entire Government Clipper program was minimized.

The most notable achievement of the "Blaze Group" can be considered a study of police telephone listening systems, conducted in 2005. The Blaze Group was given a solid grant (by the US National Science Foundation as part of a large anti-terrorism program to strengthen computer security) to search for new efficient interception technologies in the context of modern communication systems. To study the means of interception used, a study of publicly available open sources was conducted.

And so, the most serious constructive weaknesses in the equipment for listening to phones were again discovered. The vulnerability of such wiretaps: in order to turn off the listening system, the object of surveillance was just to send a “channel release” tone signal to the line, known as a “beep-tone”, which the bug recorder gives to the tape recorder during those moments when the phone is not is used. This does not affect the quality of voice transmission in the channel, but it stably blocks the operation of the tape recorder. In practice, the group has demonstrated that even an absolutely incompetent person can use the listening system. A more sophisticated attacker connecting the phone to a computer with the appropriate program that manipulates dialing signals can deceive the listening equipment in a variety of ways.

You can force it to register the wrong incoming and outgoing call numbers, simulate false calls, give fake calls to the tape recorder.



The police authorities initially cited the fact that Blaise’s results refer to outdated analog telephone lines, but after all, the audition is conducted directly on digital PBXs. However, the Blaze group showed that their results are relevant for digital technologies. For some obscure reason, the FBI in 1999 insisted that “in the new telephone systems there should also be a“ channel release ”signal necessary to control the operation of the tape recorders of the listening equipment.”

In 2002, Matt Blaze decided to test the cryptanalysis method on anything other than computers. His choice fell on the area of ​​locks and keys, since it was from here that computer security borrowed many terms and metaphors. Shoveling a lot of literature on plumbing and the work of locking mechanisms, Blaise soon discovered the “terrible secret” of English locks with a master key.

For more than a century, locks of this type have been used in various institutions, office buildings, and sanatorium hospitals, in short, everywhere where uniform constipation is installed at the door, which serves the same mechanic. For the convenience of a locksmith, all such locks have two opening combinations in the location of the pins - one individual for the master key and one common for the master key. Ironically, this scheme is very similar to the construction of the "clipper chip", which also had two keys - for the owner of the phone and for the authorities. And now it was Blaise who publicly compromised mechanical locks as well. Applying the cryptographic analysis methods to the design, effectively narrowing the area of ​​enumeration of possible options, the scientist showed that having only one lock and the key opening it at hand, it is possible to calculate and select the shape of the universal master key in a few minutes. In other words, to open all the locks in the building you need only a file and not more than a dozen key blanks for testing options.

Later, Blaise seriously took up the study of the relationship between real security systems used for protection in the physical world and software / cryptographic systems used in the electronic world. “Opening of safes in the eyes of a computer scientist” - an article by a scientist on this topic.

Experts who work with safes and safe locks, believe that Blaise committed an absolutely irresponsible act by publishing information not intended for disclosure. It was customary to transmit them (how strange it would not have sounded), word of mouth, from student to teacher. Literature on this topic, if there is, then access to it is limited.

When Blaise designed his work as an article for IEEE Security and Privacy, her preprint attracted the attention of the New York Times correspondent, where the story received wide publicity. Over the course of several days, Blaise’s e-mail box was filled with letters from angry professionals, mainly lock specialists, who accused the author of being not only a complete idiot (since anyone already knows about his “discovery”), but also an irresponsible person (because the described method is very dangerous and cannot be published). Professionals, it seems, did not even think that the two accusations mutually exclude each other. There were also angry letters of the third kind, suggesting that Blaise’s method most likely would not work, since he is not an expert and has no idea how locks actually work ...

It turns out that the casting industry (as well as crackers) is well aware of the vulnerability of the system for more than a hundred years, but does absolutely nothing to change it, relying on the principle "weakness must be kept secret."



It is interesting that today it is already quite obvious that the opening of locks without a key has become one of the most favorite activities of computer professionals, having fun with this as a hobby or even a kind of sport. For the past few years, annual hacker conferences like DefCon and HOPE have undoubtedly hosted lock-in competitions for the time being.





At all times, all power was wary and suspicious of competent people who knew their business well, and therefore had a tendency to independent thinking and independent judgments. Long ago, they were considered to be shamans, wizards, and with the advent of high technology they were called “hackers”. The tendency to the fact that not only ordinary people, but even even politicians in state structures are beginning to perceive hackers and their significance for society is radically different, is already noticeable. However, this process is very difficult and inconsistent. Alas, for the time being, in structures that have power and influence, understanding hacking is normal only if “hackers” work directly for you. For computer crimes in the courts of the United States now impose disproportionately harsh sentences with terms of imprisonment far in excess of the penalties for premeditated murder.And the legal picture as a whole is replete with completely absurd situations.