One of the documents leaked by Edward Snowden indicates that the NSA uses "man in the middle" attacks to hijack your interactions with Google servers. Here's how such attacks work, and how to protect your browsing.
Tech website Techdirt appears to have been the first to notice the reference to the attack, which appeared on a slide which aired during a Brazilian newscast. A section of that slide is below.
The diagram shows a number of requests for Google webpages coming into a router (the three arrows at lower left). Coming into the router from the very bottom is the NSA's request to route data from the surveillance target to a "static route" — in other words, somewhere besides Google. Once the requests reach the router, most head up to the "legitimate Google server," at top. But the target's traffic takes a detour, heading through the server labeled "MITM" before going on to the Google server.
"MITM," of course, stands for "man in the middle." The NSA inserts itself between the target and where the target is trying to get. It is the man in the middle. It's as though you were sending a package to a friend, but the NSA told the mailman to bring it to their offices first. They look at it, repackage it, and send it on to its final destination. To extend that analogy, it's also like you decided to send your package via certified mail, requesting a signature once the package arrives. What the NSA is doing, in essence, is signing your friend's name.
The Atlantic Wire spoke by phone with the Electronic Frontier Foundation's Micah Lee, who previously helped us put together our guide to hiding from the NSA. In that guide, Lee warned about man-in-the-middle attacks, but pointed out (as he did on Friday) that it was hard to do such things at a wide scale. Unlike other forms of surveillance, MITM attacks are generally (but not necessarily) detectable.
To understand why, we need to get a little more into the details. When a user requests information from Google, Google uses secure-sockets layering (or SSL) to protect the data. That SSL requires bits of data called "keys" in order to encrypt the conversation; those keys are certified as valid — as being from Google — by a certificate authority. In order to carry out the attack, Lee explains, "the attacker would make their own SSL key and their own certificate and get an authority to sign the certificate." In other words, they need someone to provide the technical validation that the SSL key the NSA is using is from Google, even though it isn't. (There are exceptions, which we'll get to below.) There are hundreds of certificate authorities, and it only takes one to sign off on a false certificate to undermine the system.
This is why it's hard to bring the attack to scale, though. The NSA can't easily do this with everyone if it's using a forged certificate, because the certificate used for the SSL is public information. If you've been communicating securely with Google for months and then suddenly the certificate changes, you may be subject to a man-in-the-middle attack. There are enough technically-savvy people in America to detect that change, as Lee notes.
So what can you do to protect yourself? Lee offered a few suggestions. As part of our original guide to foiling surveillance, he offered the EFF's SSL Observatory. It tracks the SSL certificates being used to encrypt traffic on the web and — while it doesn't do this yet — can in the future warn you of such certificate changes. Lee also suggested Convergence, a plug-in for Firefox that replaces the closed certificate system. As we noted in our coverage of how the NSA compromised encryption, using open source tools (like Convergence) instead of closed ones (like the certificate authorities) allows review by multiple parties of what's happening. It's Jane Jacobs applied to tech: more eyes make safer neighborhoods.
Another option: Glenn Fleishman, a journalist who writes about technology, wrote a prescient article in the wake of the NSA encryption revelations. In it, he discussed certificate authority, and recommended the Perspectives Project, which similarly offers a plug-in allowing you to trust only certificate authorities you trust, or authorities those you trust trust.
If you don't use Firefox, another option: Google Chrome. Lee and Fleishman both note that Chrome includes "certificate pinning." Lee explains: "It hard-codes certificates for google.com and other domain names [in the browser]. … So if you're using chrome and you get a man-in-the-middle attack by the NSA, Chrome knows what certificate to trust."
Assuming you trust Google. We asked Lee if the PRISM program in which Google participates might mean that Google isn't a trustworthy partner. He explained the three ways it could happen.
- Google pins the NSA's certificate as well as its own, though this might be detectable.
- Get Google to give the NSA a copy of its SSL key, though this would probably render the MITM attacks unnecessary. And, he points out, Google has denied doing so.
- Hack Google and steal their SSL key, but again, this would probably make the attacks unnecessary.
Interestingly, the EFF already has a slew of data from users of SSL Observatory — data which could be used to demonstrate if and when a particular user had been subject to a MITM attack. If they were, it doesn't necessarily follow that the NSA is responsible; hackers try and do the same thing for different reasons. Which is also why the NSA is unlikely to be doing this on a broad scale. It leaves fingerprints. Use the tools above and you might not catch the NSA in the act, but you may after the fact be able to collect some evidence.
Photo: The man in the middle is wearing a white Google Glass. (AP)