US spooks claim that they have VPNs in a “Vulcan death grip” and can “uncloak” any encrypted traffic.
In a story which appears to have been written by Der Spiegel’s Star Trek nut who was the only one in the office during the holiday break, the National Security Agency’s Office of Target Pursuit (OTP) has said that it maintains a team of engineers dedicated to cracking virtual private networks (VPNs).
A slide deck [shurely holodeck. Ed] from a presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs. Der Spiegel gleefully pointed out that the tools have names drawn from Star Trek and other bits of popular culture.
In 2010, the NSA had already developed tools to attack the most commonly used VPN encryption schemes: Secure Shell (SSH), Internet Protocol Security (IPSec), and Secure Sockets Layer (SSL) encryption.
The NSA has a specific repository for capturing VPN metadata called Toygrippe. The repository stores information on VPN sessions between systems of interest, including their “fingerprints” for specific machines and which VPN services they have connected to, their key exchanges, and other connection data. VPN “fingerprints” can also be extracted from Xkeyscore, the NSA’s distributed “big data” store of all recently captured Internet traffic, to be used in identifying targets and developing an attack.
When an IPSec VPN is identified and “tasked” by NSA analysts, according to the presentation, a “full take” of its traffic is stored in Vulcandeathgrip, a VPN data repository. There are similar, separate repositories for PPTP and SSL VPN traffic dubbed Fourscore and Vulcanmindmeld.
The data is then replayed from the repositories through a set of attack scripts, which use sets of preshared keys (PSKs) harvested from sources such as exploited routers and stored in a key database called CORALREEF. Other attack methods are used to attempt to recover the PSK for each VPN session. If the traffic is of interest, successfully cracked VPNs are then processed by a system called Turtlepower and sorted into the NSA’s Xkeyscore traffic database, and extracted content is pushed to the Pinwhale “digital network intelligence” content database.
All this can apparently move any Klingons using a technique first seen in the game Star Control II but never actually used on Star Trek.