By Ryan Singel
August 30, 2007
Computer science professor Steven Bellovin, one of the most
knowledgeable outsiders on the government's eavesdropping mandates known
as CALEA, pored over recently released documents that outline the FBI's
extensive eavesdropping architecture.
He concludes that they don't bode well for anyone:
I don't think the FBI really understands computer security. More
precisely, while parts of the organization seem to, the overall
design of the DCS-3000 system shows that when it comes to building
and operating secure systems, they just don't get it.
The most obvious example is the account management scheme described
in the DCS-3000 documents: there are no unprivileged userids. In
fact, there are no individual userids; rather, there are two
privileged accounts. Each has different powers; however, as the
documents themselves note, each can change the other's permissions
to restore the missing abilities. Where is the per-user
accountability? Why should ordinary users run in privileged mode at
all? The answers are simple and dismaying.
Instead of personal userids, the FBI relies on log sheets. This may
provide sufficient accountability if everyone follows the rules. It
provides no protection against rule-breakers. It is worth noting
that Robert Hanssen obtained much of the information he sold to the
Soviets by exploiting weak permission mechanisms in the FBI's
Automated Case System. The DCS-3000 system doesn't have proper
password security mechanisms, either, which brings up another point:
why does a high-security system use passwords at all? We've known for
years how weak they are. Why not use smart cards for authentication?
The FBI and Computer Security - SMBlog Steven Bellovin's Blog