FBI outed in attempt to obtain SSL certificate

[Lagmonster]

Is there some way that having access to the system would give the FBI access to all messages sent over the entire life of Snowden using the email system? Because I would assume that the instant this hit the news Snowden would have completely sanitized his email and moved to an email service run through a country that generally gives the United States the finger when it makes requests.

If you *really* wanted to be skeptical, you could argue that we don't actually know who the target was. We know they share an email provider with Snowden, but that's not what I would technically accept as certain evidence. It would be, however, a fairly obvious choice.

[Replicant]

Is there some way that having access to the system would give the FBI access to all messages sent over the entire life of Snowden using the email system? Because I would assume that the instant this hit the news Snowden would have completely sanitized his email and moved to an email service run through a country that generally gives the United States the finger when it makes requests.

If you *really* wanted to be skeptical, you could argue that we don't actually know who the target was. We know they share an email provider with Snowden, but that's not what I would technically accept as certain evidence. It would be, however, a fairly obvious choice.

Very true and the whole Snowden angle could just be a red herring. I am sure there are those at the FBI and NSA that want nothing more than to close down any and all email systems that they are not able to hack into.

[Darth Holbytlan]

Is there some way that having access to the system would give the FBI access to all messages sent over the entire life of Snowden using the email system? Because I would assume that the instant this hit the news Snowden would have completely sanitized his email and moved to an email service run through a country that generally gives the United States the finger when it makes requests.

If you have a recording of an SSL session that wasn't using Perfect Forward Security and later on get a hold of the private key for the certificate, then you can decrypt the entire session after the fact. You just have to decrypt the start of the session where the client tells the server what secret key they are going to use, then use that to decrypt the rest of the session. If the session was using Perfect Forward Security then the secret key exchange happens using mathematical magic and the rest of the session won't be readable.

So if your Spooky Government Agency wants to break some conversations happening now, it can use its upstream taps to record the sessions immediately then work on getting the private key to decrypt them later on. Since very few sessions use Perfect Forward Security, that could be pretty effective. Which doesn't mean that is what the FBI is doing, but it is technically possible.

NB: I am simplifying many things, here. Read actual sources on cryptography and SSL if you want to know the full scoop.

[Replicant]

Is there some way that having access to the system would give the FBI access to all messages sent over the entire life of Snowden using the email system? Because I would assume that the instant this hit the news Snowden would have completely sanitized his email and moved to an email service run through a country that generally gives the United States the finger when it makes requests.

If you have a recording of an SSL session that wasn't using Perfect Forward Security and later on get a hold of the private key for the certificate, then you can decrypt the entire session after the fact. You just have to decrypt the start of the session where the client tells the server what secret key they are going to use, then use that to decrypt the rest of the session. If the session was using Perfect Forward Security then the secret key exchange happens using mathematical magic and the rest of the session won't be readable.

So if your Spooky Government Agency wants to break some conversations happening now, it can use its upstream taps to record the sessions immediately then work on getting the private key to decrypt them later on. Since very few sessions use Perfect Forward Security, that could be pretty effective. Which doesn't mean that is what the FBI is doing, but it is technically possible.

NB: I am simplifying many things, here. Read actual sources on cryptography and SSL if you want to know the full scoop.

I am certainly not an expert so maybe you answered this question already and I just didn't read it right.

To me part of using a super secure email system is that no one can go back and get to what I don't want them to get to. So if I delete old emails they should be gone forever so that even if the system is somehow hacked they can only see what I have chosen to keep saved in my email as opposed to what I deleted and purged from my trash can.

So would getting this SSL information allow the government to see the entire history of the users use of them email both the meta data and the specific email content? Or would it only give them access to what was still sitting in the Inbox, deleted folder, sent items, etc?

[Grumman]

If I understand him correctly, Holbytlan is talking about a two stage attack: copying the encrypted data before you delete it, and then at a later date getting your hands on the key needed to decrypt it. A true delete prevents anyone performing step one at any later point in time, but it does not help if they already stole a (currently unreadable) copy.

[Replicant]

If I understand him correctly, Holbytlan is talking about a two stage attack: copying the encrypted data before you delete it, and then at a later date getting your hands on the key needed to decrypt it. A true delete prevents anyone performing step one at any later point in time, but it does not help if they already stole a (currently unreadable) copy.

Okay I got you.

[Darth Holbytlan]

That's the essence of it. SSL is not intended as a method of storing encrypted data, but that doesn't mean that someone listening in on the transmission can't save the content for later analysis. (And, in fact, with the revelations about the NSA getting full streams of data from most major network providers, it looks like they have the technical capability to do this.) With the weakness in most SSL encryption methods (lack of Perfect Forward Security), finding out the server's private key would allow them to decode nearly any encrypted conversation made with that key as long as they had chosen to save it.