48 comments

[ 3.3 ms ] story [ 110 ms ] thread
Is there anyone else reluctant to open a pdf from the NSA?
(a) It's from their museum facility (if you ever get the chance to visit the National Cryptologic Museum in Maryland TAKE IT TAKE IT TAKE IT)[1], not the NSA itself.

(b) It's a scan of a 30-year-old report on a completed project, redacted heavily. Nothing more.

(c) If they want your inside leg measurement they've got better ways to find it without feeding you a PDF they overtly created.

[1] Where else will you find a teaching exhibit for visiting schoolkids that lets them cypher a message on a no-shit four rotor WW2 German Enigma machine, hand it to a friend, and watch them decrypt it on another Engima machine at the other side of the room? (Hint: valuable museum pieces.) Also, working (or at least blinkenlights powered up) exhibits like a CM1 Connection Machine and a Cray X-MP, and a history of their amazing linguistics branch[2] ...

[2] Who have the world's largest collection of bible translations. Want to know why? It's worth your while to pay them a visit.

I'd wager a guess that [2] was necessary for messages using it as a code, e.g., page number+word number, or page number and then the Nth word or letter.
Nope.

The real answer is, the NSA is all about communications -- which isn't just electronics: it includes a huge element of linguistics.

The Bible angle: when a new tribe or culture is contacted, the very first thing that happens is that Christian missionaries get all excited and do their best to go there to spread the gospel. To do this, they have to learn the language sufficiently well to translate the Bible. So you've got this one text (with a quantifiably-variant or de-facto invariant baseline) that gets translated into every language on the planet as fast as is humanly possible after that language is discovered. It's a Rosetta stone.

I forget the number that was given for how many different-language Bibles the NSA has in their library, but it was impressive -- something over 900 languages.

In response:

(a) I wish I could but I doubt I ever will. I've heard so much bad stuff about US border guards being annoying and transiting through the US being slow and painful that I won't even use a US hub anymore.

(b) Cool I guess I can't know if this is true without opening it though? This is partly the fault of the pdf spec itself. Maybe a more transparent document format would help (does that even exist)?.

(c) I suspect that they already have them.

Furthermore. I actually really want to read it. I'd really like to trust the NSA. However, their record is not good on being trustworthy.

How is PDF not as transparent as any other open binary format (though PDF is more like mixed)?

Edit:

> Maybe a more transparent document format would help (does not even exist).

I don't know if more transparent, but djvu exists for scanned documents. Postscript also exists but I would doubt that it's safer than PDF.

I am aware that the pdf specific is open. However pdf does a lot of things and is somewhat complex. I argue more than is needed for transmitting documents. Can you personally verify that a given pdf does nothing malicious?
Can you personally verify that a given jpeg does nothing malicious? Same thing, you trust (or not) your reader and its parser and hope it doesn't have any remote code execution vulnerability. Or you stop reading PDF files and stop viewing images.
Nope I can't. In reality how many exploits have actually been contained in jpegs vs pdf though?
That's an other question. Parsers of multimedia formats often have nasty vulnerabilities though. The most vulnerable part of PDF readers is the handling of embedded javascript. It can be easily evaded by using a viewer that doesn't implement the javascript functionalities of PDF, most files don't use it anyway.
Wow this got a lot of downvotes. I don't normally comment on downvotes but I'm wondering why so many? What about this is causing annoyance?
>TAKE IT

Seconded. I went midweek around noon and it was pretty quiet so I got a personal 90 minute tour by an NSA retiree. He was very knowledgeable about crypto history, esp. as used in the cold war and WWII. They had Turing's "bombe", multiple Enigma variants, many lesser-known crypto machines, historic correspondence, a Cray YMP, codetalkers exhibit, spy satellites, and tons of other good stuff. Everything is free - except merchandise in the gift shop, which is also pretty unique.

Download it, block all ports, run pdf reader in a chroot...B)
And on a separate X server. It's more like trusting your reader than the PDF file itself.
>destroy computer after reading.
Perfectly common, of course. Usually the way to do this is to use a virtual machine which you then throw away.
but why do you trust your hypervisor? QEMU had a floppy controller escape bug published last month. Xen has one today.
(comment deleted)
By doing this the chain of things that have to be broken for an exploit to escape is getting longer.
So the best thing you can do is to nest different kind of VM hypervisors with different OS guests and read the pdf in the innermost machine.
Or just read it on someone else's computer?
There's a name for that. The Stallman Co-Computer.
Not really. If the NSA would feed me a harmful pdf, it would come so I wouldn't know it is from NSA.
I'll open it on my work computer, they surely already have access to anything important anyway.
If you are that paranoid, then you shouldn't open any pdf that you find on the internet. The NSA has the ability to proxy any file you download and inject anything they want.
The article mentions the listening bug in the Great Seal in a side note, but it's arguably an even better hack:

https://en.wikipedia.org/wiki/The_Thing_%28listening_device%...

I was glad to learn that "The Thing" was apparently designed by Léon Theremin who invented in 1928 (!) the famous "electronic musical instrument controlled without physical contact by the performer."

https://en.wikipedia.org/wiki/Theremin

He invented it earlier than that, as he personally demoed it to Lenin (who died in 1924).
"As a totalitarian society, the Soviet Union valued eavesdropping and thus developed ingenious methods to accomplish it." (page 2)
As opposed to the US, which developed no eavesdropping methods or bugs at all.
(comment deleted)
"The GUNMAN project had a major impact on the intelligence community as a whole. It brought about a greater understanding of the thinking and operations in a totalitarian society. The community became more aware of the hostile electronic threat against the U.S. As <redacted> explained, "If any other agency such as CIA or the State Department had discovered the bug, this change would not have occurred because they would not have publicized the incident." NSA, however, briefed all levels of government to warn them of the danger. NSA was not out to assess blame; it took the problem-solving approach." (p. 17)
I stopped reading, copied the exact same text to post as a comment and see it's already at the top...
Just did the same thing. I love this place
Just think: if everybody posted article snippets with no commentary, we could crowdsource the entire article being redundantly posted piecemeal to HN and nobody would need to click through to the article at all.
(comment deleted)
The word "totalitarian" is hyphenated, to make the line justified. Anyone else try to search for the phrase with a Ctrl-F, come up with zero, and jump to the conclusion that the spooks had redacted the document?

I should perhaps look into having my paranoia treated.

But when I say the US has many communist highlights in its long grey hair, I get downvoted.

It's as if Obama was never indoctrinated by Communist Frank Marshall Davis (who was under FBI investigation for we don't know what) and learned to hate white people, capitalism, self-made people, small-business owners... or as Obama would surely call them, the proletariat.

Crazy times.

"Keeping track of all the various software was hard enough, but keeping track of all of the variations [in the software] was a nightmare."

Sounds all too familiar.

The dates associated with this document seem confusing and contradictory. I can only assume that's intentional.

I'll also not be surprised if it makes my computer self-destruct via spontaneous self-combustion after reading.

The "How it worked" part is in "Implant Characteristics" section, Page 16 of the PDF and forward.
For those too paranoid to open a .PDF from the NSA, several solid parts in the typewriter were replaced by solid-looking parts with embedded circuits and altered magnetic characteristics.

These circuits magnetically detected the motion of the arms that carried and moved the character ball. So non-printing keystrokes, like space, tab, and backspace, and the character that did not rotate the ball, '-', were not detectable. The circuits had a tiny buffer, so would transmit the detected characters as they were being typed. Early models used batteries. Later bugs diverted some of the AC mains power from the typewriter.

It is likely that a relay antenna was employed to increase the detection range of the transmitted signals, which used the same frequencies as local television broadcasts.

That's really about it. The bugs were largely undetectable without x-raying every single part in the typewriter, which is how they were eventually found.

Ah, when your adversary knows more about your stuff than you do.