Music artist trolls NSA by sending an “uncrackable” mixtape

[Exterminator]

Content source

http://www.neowin.net/news/music-artist-trolls-nsa-by-sending-an-uncrackable-mixtape

The emergence of the Snowden leaks of 2013 revealed the extent of the National Security Agency’s (NSA) surveillance program. The leaks revealed privacy invasion on a mass scale, through mass email raids and several phone hacking scandals. While many internet users have since become more cautious, it has emerged that one user has challenged the NSA to decrypt something that is allegedly “uncrackable”- his mixtape.

In late May, hacker Artist David Huerta sent a mystery package to the NSA headquarters. The box contained an encrypted mixtape that can’t be accessed due to the private key-based cryptography. Through the use of an Arduino board and a wave shield sandwiched in between two laser-etched pieces of transparent acrylic, Huerta says he was able to produce an “uncrackable” mixtape.

The New York based engineer says the poor audio quality was meant to replicate a typical wiretapped phone conversation.

“The use of a giant-ass Arduino and wave shield was chosen since the (shitty) 44KHz wave file format gave it roughly the same audio quality I figured a wiretapped AT&T phone conversation would have."

Huerta also put a lot of thought into the transparent design of the cassette. The software engineer says it symboilises the “hidden exploitation of proprietary smartphones" by computery mercenaries such as the HackingTeam. Huerta added the device would not be a black box, “figuratively or literally”.

The design of the cassette is ironically transparent, unlike the NSA's motives.

While the NSA has the power to penetrate a number of systems, Huerta ensures the organisation does not have the technology, or private key, to crack the mixtape.

Perhaps, this small but powerful invention can inspire a generation of products that can ward off the prying eyes of the NSA.

Source: Medium via Motherboard | Images via Motherboard

 

[Cowpipe]

Would be much better if the mixtape featured snowden rapping about soon to be released NSA secrets, i bet they'd try to crack it then!

 

[Nico@FMA]

What most people do not realize is that the NSA has incredible capabilties, however they are NOT god.
And they are not all knowing. I have seen industrial custom security software that are ONE of a kind and 100% NSA proof.
As the very OS is not Windows, Mac, Linux but a totally custom OS unique used within that company.
So from a industrial point true security can be achieved as long the software is not mass produced. But to achieve such security a company has to spend a BIG bag of money.

 

[Cowpipe]

What most people do not realize is that the NSA has incredible capabilties, however they are NOT god.
And they are not all knowing. I have seen industrial custom security software that are ONE of a kind and 100% NSA proof.
As the very OS is not Windows, Mac, Linux but a totally custom OS unique used within that company.
So from a industrial point true security can be achieved as long the software is not mass produced. But to achieve such security a company has to spend a BIG bag of money.

And in such a case, where the company cannot be penetrated digitally, the much overlooked physical security attack vectors are to be considered. Interception of a replacement circuit board (rf transmitters can be hidden quite easily), a rogue employee etc. But still, much of it is hype, if the NSA wants access they don't need to write code, just a warrant

 

[Nico@FMA]

And in such a case, where the company cannot be penetrated digitally, the much overlooked physical security attack vectors are to be considered. Interception of a replacement circuit board (rf transmitters can be hidden quite easily), a rogue employee etc. But still, much of it is hype, if the NSA wants access they don't need to write code, just a warrant

Lol i would like to see that Warrant being applied in Germany where this particular company is based.
Or its Dutch satellite location.
I know exactly what the CEO of that company is going to say: Dang mister NSA you are just in time as i was out of toilet paper.
Keep in mind within Dutch Law and German Law that warrant first needs to be approved by a local supreme and district judge (backed by credible proof) as a American supreme court and judge has NO authority here.
Which means the warrant is toilet paper at best specially if the company has NO connections data wise to the US.

 

[Cowpipe]

Lol i would like to see that Warrant being applied in Germany where this particular company is based.
Or its Dutch satellite location.
I know exactly what the CEO of that company is going to say: Dang mister NSA you are just in time as i was out of toilet paper.
Keep in mind within Dutch Law and German Law that warrant first needs to be approved by a local supreme and district judge (backed by credible proof) as a American supreme court and judge has NO authority here.
Which means the warrant is toilet paper at best specially if the company has NO connections data wise to the US.

That was my point with the physical security thing I was referring to the power of the NSA warrants over American companies

 

[Nico@FMA]

That was my point with the physical security thing I was referring to the power of the NSA warrants over American companies

Right i understand.

 

[Cowpipe]

Right i understand.

A low power rf transmitter can easily be concealed on a circuit board and has enough range to reach outside of the building where more high powered and concealed circuitry can forward the collected data to wherever. I've seen it happen, built them myself for varying purposes and it's certainly a technique that's been in the uk, probably the nsa as well.

 

[Nico@FMA]

A low power rf transmitter can easily be concealed on a circuit board and has enough range to reach outside of the building where more high powered and concealed circuitry can forward the collected data to wherever. I've seen it happen, built them myself for varying purposes and it's certainly a technique that's been in the uk, probably the nsa as well.

Sure i know that a RF device can be planted. However the company shields phone and other communications signals.
Basically if you come into the factory itself and into the R&D section then your phone goes blind just like in a hospital.
But yeah a RF and such is a risk. But that does not fall under data tapping as this is PURE espionage.
I was referring specifically about PRISM and warrant based data collection tools that the NSA applies.

 

[Cowpipe]

Sure i know that a RF device can be planted. However the company shields phone and other communications signals.
Basically if you come into the factory itself and into the R&D section then your phone goes blind just like in a hospital.
But yeah a RF and such is a risk. But that does not fall under data tapping as this is PURE espionage.
I was referring specifically about PRISM and warrant based data collection tools that the NSA applies.

Ah, gotcha. There are ways to unjam a signal of course but that is besides the point here.