Definitely Fear the Reaper

Implementing known flaws or backdoors into encryption suites to enable government surveillance has once again become an issue within American politics

In March 2015, a major security vulnerability (CVE-2015-0204) was disclosed by researchers from INRIA and Microsoft Research. It allowed a man-in-the-middle attacker to downgrade a TLS connection between a vulnerable client (including OpenSSL-based ones) and a cooperating server to 512-bit "export-grade" RSA, and then break the encryption.

This vulnerability, known as the Factoring attack on RSA-EXPORT Keys or simply "FREAK", forced SSL/TLS-protected communication down to a key strength designed in the 1990s so that the computing power wielded by intelligence organizations like the NSA could break it, but hackers and ordinary organizations could not.

I was at AlienVault Labs when FREAK was disclosed, and I was asked to comment on the story by a few media sources after my team and I pored over data coming from OpenSSL.

What we found was frightening. Exploiting FREAK made attacking online communication a comically trivial affair. Factoring a 512-bit export key on AWS was cheap, and according to estimates from our friends at Qualys it cost "less than $105 on 7.5 hours of server time."

We even jokingly wondered if we could build a brute-force device out of Raspberry Pis or a set of iPhones, given how powerful even these modest modern computing devices were in the face of FREAK.

FREAK is just one of a score of vulnerabilities discovered in OpenSSL in the past year. OpenSSL is the TLS library behind much of the web's encrypted traffic: when you visit an "HTTPS" URL, the "s" means the connection between your browser and the server is encrypted and authenticated, and on a large share of servers it is OpenSSL doing that work.

But unlike Heartbleed (an OpenSSL bug) or Shellshock (a bug in bash, not OpenSSL, though the two are often mentioned in the same breath), FREAK was not at heart the result of negligent programming (or, if you've got your tin foil hat on tight enough, government sabotage). The OpenSSL client bug that let a server's short export key be accepted only mattered because export-grade cipher suites still existed to be downgraded to.

Instead, FREAK was created by politics: American politics to be exact.

Through the Cold War, the United States and its NATO allies restricted the transfer of sensitive technologies to the Soviet Union, and the US treated strong cryptography as a munition under its export control rules (ITAR). By the early 1990s, just as HTTP and the world wide web were appearing and the commercial internet was at its dawn, those rules governed what encryption American software could ship abroad.

The internet makes sharing data and technology cheaper than it has ever been in human history. That ease of sharing was a critical concern during the Cold War, because cryptography, essential to privacy on the web, is equally useful for protecting wartime communication.

To keep strong cryptography out of the hands of potential adversaries, originally the Soviet Union and its client states, the US government required software makers like Netscape to ship "international" versions of their products with deliberately weakened encryption: 40-bit symmetric ciphers and RSA keys of at most 512 bits, against the 128-bit and 1024-bit keys of their "domestic" counterparts. Keys that short were within reach of the supercomputers of agencies like the NSA, but of almost nobody else at the time.

FREAK was the legacy of that downgraded encryption. A long-forgotten feature of SSL/TLS, still supported by OpenSSL, was the RSA_EXPORT family of cipher suites, in which the server signs a temporary RSA key with a modulus of 512 bits or less. Such keys could be factored by intelligence agencies with advanced computing resources in the early 90s, but not by commercial groups or hackers of the day.

The computing power available to almost anyone today dwarfs that of the 90s. With FREAK, an attacker can factor an export key on Amazon AWS in only a few hours, and because many servers reused the same temporary export key for the life of the server process rather than generating a fresh one per connection, a single factored key could unlock every session that server negotiated with it.
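The downgrade described above can be checked for directly: offer a server nothing but RSA_EXPORT cipher suites and see whether it agrees to one. The following is an added example (my own code, not from the original post, from OpenSSL, or from AlienVault), written as a minimal TLS 1.0 ClientHello builder and ServerHello parser so it runs offline against constructed replies. It tests only the server half of FREAK; a real attack also needed a client that accepted a short export key it had not asked for (the OpenSSL bug in CVE-2015-0204, and similar bugs in other TLS stacks). The host and port passed to `check_server` are assumptions for illustration.

```python
import os
import socket
import struct

# RSA_EXPORT cipher suite identifiers from the TLS 1.0 registry (RFC 2246, Appendix A).
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

TLS10 = b"\x03\x01"
RECORD_HANDSHAKE, RECORD_ALERT = 0x16, 0x15
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02


def build_client_hello(suites, random_bytes=None):
    """Return a TLS 1.0 record carrying a ClientHello that offers only `suites`."""
    random_bytes = os.urandom(32) if random_bytes is None else random_bytes
    body = (
        TLS10                                           # client_version
        + random_bytes                                  # 32-byte random
        + b"\x00"                                       # empty session_id
        + struct.pack("!H", 2 * len(suites))            # cipher_suites length
        + b"".join(struct.pack("!H", s) for s in suites)
        + b"\x01\x00"                                   # one compression method: null
    )
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + TLS10 + struct.pack("!H", len(handshake)) + handshake


def parse_server_response(data):
    """Return the cipher suite a ServerHello selected, or None for an alert or malformed reply."""
    if len(data) < 5 or data[0] != RECORD_HANDSHAKE:
        return None  # an alert record (0x15) or a truncated read: nothing was negotiated
    rec_len = struct.unpack("!H", data[3:5])[0]
    hs = data[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != HS_SERVER_HELLO:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    # server_version(2) random(32) session_id_len(1) session_id(n) cipher_suite(2) compression(1)
    if len(body) < 35:
        return None
    sid_len = body[34]
    off = 35 + sid_len
    if len(body) < off + 2:
        return None
    return struct.unpack("!H", body[off:off + 2])[0]


def fake_server_hello(suite, session_id=b""):
    """Constructed ServerHello for offline testing: what a server answers when it picks `suite`."""
    body = TLS10 + b"\x00" * 32 + bytes([len(session_id)]) + session_id + struct.pack("!H", suite) + b"\x00"
    hs = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + TLS10 + struct.pack("!H", len(hs)) + hs


# Constructed handshake_failure alert (level fatal=2, description=40), the correct answer to our probe.
HANDSHAKE_FAILURE_ALERT = bytes([RECORD_ALERT]) + TLS10 + b"\x00\x02\x02\x28"


def check_server(host, port=443, timeout=5.0):
    """Offer only RSA_EXPORT suites; a server that picks one is exposed to FREAK downgrade."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(list(EXPORT_RSA_SUITES)))
        reply = sock.recv(4096)
    chosen = parse_server_response(reply)
    return EXPORT_RSA_SUITES.get(chosen)  # suite name if exposed, None if the server refused


if __name__ == "__main__":
    import sys
    # Usage: python freak_probe.py example.com [443]  (hostname and port are illustrative)
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(check_server(target, port) or "server refused export-grade RSA")
```

A server that is patched simply answers the probe with a handshake_failure alert, which `parse_server_response` reports as `None`. The parser deliberately ignores anything past the negotiated suite (extensions, the following Certificate message) because that is all the downgrade question needs.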

Vulnerabilities like FREAK should ideally be left as an interesting historical anecdote and a cautionary tale. After all, neutering encryption to keep cryptography away from potential adversaries is something the US seems to have given up on, since geographic restrictions are largely meaningless on the modern internet.

But in the 2016 US Presidential election both the Democratic and Republican frontrunners have voiced their desire for private companies to once again weaken encryption for government surveillance.

Instituting weakened encryption, or even backdoors, for US intelligence organizations and law enforcement is a bipartisan desire. Both Hillary Clinton and Donald Trump support some degree of government access to sensitive online data.

Concerned that encryption might be used as a "terrorist tool", Hillary Clinton used a Democratic primary debate in November 2015 to call on Silicon Valley companies to work with the government on weakening, or even installing backdoors in, common encryption suites.

“It doesn’t do anybody any good if terrorists can move toward encrypted communication that no law enforcement agency can break into before or after,” she said to sporadic if not confused applause.

Her counterpart Donald Trump took a similar stand after a Republican primary debate in December, noting that "we should be able to penetrate the Internet and find out exactly where ISIS is and everything about ISIS."

The bipartisan willingness to weaken encryption controls and give government surveillance access to private communication can also be seen in the inclusion of CISA in the omnibus government funding bill passed in December 2015.

CISA, the Cybersecurity Information Sharing Act, encourages private companies to share "cyber threat indicators" about attacks with the federal government, which can pass them on to law enforcement and domestic intelligence agencies, and shields the companies from liability for doing so.

Unfortunately the bill mandates no minimum level of security for the shared data, and its requirement to strip out personal information covers only data the sharer already knows to be unrelated to a threat. What gets through could be used for so-called "warrantless wiretapping" in a manner similar to the domestic spying programs revealed by Edward Snowden.

Both CISA and the desire to weaken encryption (or provide backdoors) can seriously jeopardize the security of online communication — both in the United States and abroad.

As FREAK shows, weakening keys now can have serious unintended consequences years later, when computing technology improves. If we were to install something as audacious as a backdoor into widely used cryptosystems, that backdoor would be a target for, and eventually a tool of, malicious hackers.

Certainly the modern internet would not knowingly use such weakened encryption, and US businesses and cloud providers forced to use it could find themselves abandoned, as European and Asian customers who consider US government surveillance unacceptable move to foreign competitors who operate without such restrictions.

This has happened before. In the late 00's, data center colocation and cloud service providers such as Amazon AWS had to go to costly and extreme lengths to court international business, because surveillance provisions of the US PATRIOT Act made foreign banks and financial firms worry about US government access to their data.

US companies such as Amazon navigated those straits by spinning up expensive European data centers and segmenting data movement by geography. The bulk-collection authority at the center of that concern, Section 215, lapsed in 2015, but the cost of the detour did not.

Additionally, running a CISA sharing program with no mandated minimum security and only weak rules for sectioning off personal data will give hackers a reason to go after the tech companies that might maintain "farms" of CISA log data containing personal information but minimally protected.

CISA's thin restrictions on personal information would likely also concern foreign customers and users of US-based businesses and cloud services, a competitive hit not unlike what would follow from backdoors in US-made encryption.

Whether one should trade weakened information security and privacy for the prospect of increased physical security is an old dilemma that goes back far beyond the dawn of the internet.

Given the consequences of FREAK, however, and the serious impact that backdoors or "export"-style weakening of encryption will likely have, it is clear that marginally improving the odds of discovering terror plots through such dubious methods comes at a price too high for the United States (and the world) to pay.



Principal PM for Cryptography and Security Products @HashiCorp. Formerly Defense/NatSec & Crypto @NetApp, VC @GGVCapital + @AmplifyPartners

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andy Manoske