1. KoreyTM's Avatar
    The article below from Der Spiegel was published on September 9, 2013. While somewhat dated, the information here is still relevant, and up to this point I had not seen such blatant revelations against BlackBerry's security posted by any media outlet. So as a member of the professional IT community it's news to me (and hopefully others here). What's particularly alarming to me is how the article explains that the NSA somehow cracked BlackBerry's BIS and BES service. Also, the documentation's dates in Spiegel's article don't cover the mass release of BB10 or BES10, so I'd wonder if the NSA also has backdoors into this software as well? To all those who'd like to know more on the state of BlackBerry device and service security, you'll want to read this article - at the very least to scrutinize it. I've bolded some points that were of particular interest to me while reading the article.

    How the NSA Spies on Smartphones Including the BlackBerry - SPIEGEL ONLINE

    Cracking the Blackberry

    The NSA and its partner agency, Britain's GCHQ, focused with similar intensity on another electronic toy: the BlackBerry.

    This is particularly interesting given that the Canadian company's product is marketed to a specific target group: companies that buy the devices for their employees. In fact, the device, with its small keypad, is seen as more of a manager's tool than something suspected terrorists would use to discuss potential attacks.

    The NSA also shares this assessment, noting that Nokia devices were long favored in extremist forums, with Apple following in third place and BlackBerry ranking a distant ninth.

    According to several documents, the NSA spent years trying to crack BlackBerry communications, which enjoy a high degree of protection, and maintains a special "BlackBerry Working Group" specifically for this purpose. But the industry's rapid development cycles keep the specialists assigned to the group on their toes, as a GCHQ document marked "UK Secret" indicates.

    According to the document, problems with the processing of BlackBerry data were suddenly encountered in May and June 2009, problems the agents attributed to a data compression method newly introduced by the manufacturer.

    In July and August, the GCHQ team assigned to the case discovered that BlackBerry had previously acquired a smaller company. At the same time, the intelligence agency had begun studying the new BlackBerry code. In March 2010, the problem was finally solved, according to the internal account. "Champagne!" the analysts remarked, patting themselves on the back.

    Security Concerns

    The internal documents indicate that this was not the only success against Blackberry, a company that markets its devices as being surveillance-proof -- and one that has recently lost substantial market share due to strategic mistakes, as the NSA also notes with interest. According to one of the internal documents, in a section marked "Trends," the share of US government employees who used BlackBerry devices fell from 77 to less than 50 percent between August 2009 and May 2012.

    The NSA concludes that ordinary consumer devices are increasingly replacing the only certified government smartphone, leading the analysts to voice their concerns about security. They apparently assume that they are the only agents worldwide capable of secretly tapping into BlackBerrys.

    As far back as 2009, the NSA specialists noted that they could "see and read" text messages sent from BlackBerrys, and could also "collect and process BIS mails." BIS stands for BlackBerry Internet Service, which operates outside corporate networks, and which, in contrast to the data passing through internal BlackBerry services (BES), only compresses but does not encrypt data.

    But even this highest level of security would seem not to be immune to NSA access, at least according to a presentation titled, "Your target is using a BlackBerry? Now what?" The presentation notes that the acquisition of encrypted BES communications requires a "sustained" operation by the NSA's Tailored Access Operation department in order to "fully prosecute your target." An email from a Mexican government agency, which appears in the presentation under the title "BES collection," reveals that this is applied successfully in practice.

    Relying on BlackBerry

    In June 2012, the documents show that the NSA was able to expand its arsenal against BlackBerry. Now they were also listing voice telephony among their "current capabilities," namely the two conventional mobile wireless standards in Europe and the United States, "GSM" and "CDMA."

    But the internal group of experts, who had come together for a "BlackBerry round table" discussion, was still not satisfied. According to the documents, the question of which "additional enrichments would you like to see" with regards to BlackBerry was also discussed.
    12-31-13 08:15 AM
  2. qbnkelt's Avatar
    OP, this should be a very interesting thread.

    Thanks for sharing.
    KoreyTM and bekkay like this.
    12-31-13 08:29 AM
  3. wafguy's Avatar
    Not sure there's much here re: BES.

    SMS and voice - not protected by BIS/BES, so should be as vulnerable as on any other platform

    BIS cracked - not too surprising and known for a while

    BES - this sounds like it hasn't been cracked. From what I've read TAO involves attacking the endpoints and is only used when the communications channel CANNOT be monitored. (e.g. want to read an Exchange user's BES-protected email? hack their PC where they use Outlook, nothing BES can do to protect that)

    I haven't followed the NSA technical capabilities in too much detail, but my understanding is that they use TAO on BES-protected targets because they haven't hacked BES. I'm sure others will correct me if I'm wrong...

    The problem here is that security is only as strong as its weakest link, and while BES does a good job of protecting the data while it is exposed over the Internet, your private infrastructure at the endpoints will usually be vulnerable. The main thing good transport-level security provides is that it makes you less vulnerable to getting swept up in mass interception campaigns, but if the NSA wants to read your email they can specifically target you and there's not much you or BB can do to stop it.
    KoreyTM likes this.
    12-31-13 09:08 AM
  4. KoreyTM's Avatar
    Not sure there's much here re: BES.

    SMS and voice - not protected by BIS/BES, so should be as vulnerable as on any other platform

    BIS cracked - not too surprising and known for a while

    BES - this sounds like it hasn't been cracked. From what I've read TAO involves attacking the endpoints and is only used when the communications channel CANNOT be monitored. (e.g. want to read an Exchange user's BES-protected email? hack their PC where they use Outlook, nothing BES can do to protect that)

    I haven't followed the NSA technical capabilities in too much detail, but my understanding is that they use TAO on BES-protected targets because they haven't hacked BES. I'm sure others will correct me if I'm wrong...

    The problem here is that security is only as strong as its weakest link, and while BES does a good job of protecting the data while it is exposed over the Internet, your private infrastructure at the endpoints will usually be vulnerable. The main thing good transport-level security provides is that it makes you less vulnerable to getting swept up in mass interception campaigns, but if the NSA wants to read your email they can specifically target you and there's not much you or BB can do to stop it.
    I definitely agree with you about the weakest links being the endpoints. No objection there.

    I guess I'd be most interested to see the email that the article cites from the Mexican government entitled "BES collection". While my subdued skepticism at the article's claims is clashing with my IT background's need for caution, I'd be interested to see how pervasive the TAO's BES attacks are.
    12-31-13 09:27 AM
  5. erwinfr's Avatar
    As far as I understand, they hack the BES server's OS, Windows, and capture the data to and from the BES application. So BES is not compromised. The communication from and to Exchange for example is the weakest link, they hack that.
    Voice/SMS is not via BES so they just hack the Cell Network.

    So still no proof BES is compromised, "only" the NON BES traffic
    KoreyTM likes this.
    12-31-13 09:34 AM
  6. KoreyTM's Avatar
    As far as I understand, they hack the BES server's OS, Windows, and capture the data to and from the BES application. So BES is not compromised. The communication from and to Exchange for example is the weakest link, they hack that.
    Voice/SMS is not via BES so they just hack the Cell Network.

    So still no proof BES is compromised, "only" the NON BES traffic
    If BES relies significantly on Exchange to distribute information accordingly, then I can definitely see how any unauthorized user could subvert Windows and Exchange to get the information they need. But with such an insecure base to rely on, namely Windows and Exchange security, doesn't this make the way BES communicates just as inherently insecure?
    sectionsix likes this.
    12-31-13 09:56 AM
  7. wafguy's Avatar
    I definitely agree with you about the weakest links being the endpoints. No objection there.

    I guess I'd be most interested to see the email that the article cites from the Mexican government entitled "BES collection". While my subdued skepticism at the article's claims is clashing with my IT background's need for caution, I'd be interested to see how pervasive the TAO's BES attacks are.
    I'm sure if the NSA decided to productize a TAO attack to work around BES they could make it very pervasive.

    The whole idea of using any tech to block the NSA is ridiculous and to even entertain the idea that you can keep electronic secrets from them is a fantasy. They have the resources to ensure that they can get whatever data they want, the best you can do (using something like BES) is make it inconvenient for them to do so.
    12-31-13 10:02 AM
  8. wafguy's Avatar
    If BES relies significantly on Exchange to distribute information accordingly, then I can definitely see how any unauthorized user could subvert Windows and Exchange to get the information they need. But with such an insecure base to rely on, namely Windows and Exchange security, doesn't this make the way BES communicates just as inherently insecure?
    Nope. BES is used to protect your traffic travelling over public channels. This is when your data is most easily exposed and BES seems to do a good job of protecting you there. If someone can get access to the endpoints you're toast.

    The value of BES is for customers trying to engineer an end-to-end solution. Being able to say that "purchasing BES will allow you to focus your resources securing other links in the chain" is a huge value to a customer. If you've got ten hard/expensive problems to solve and someone can come up and say 'for a bit of money we can solve one of them for you' and no one else can do that, you're going to have a hard time not going with that solution.
    12-31-13 10:15 AM
  9. szlevi's Avatar
    Same rehashed story - how many times do we have to repeat the same crap...?
    Yes, *ANY* GSM or SMS/text is inherently insecure, practically anyone can grab them with a better laptop and some specialty software, and that BIS is outdated crap that's long considered cracked, unlike BES which is still secure as long as it's configured properly (e.g. AES256) and none of the endpoints are compromised.

    Sent from my C6833 using CB Forums mobile app
    12-31-13 11:46 AM
  10. Vorkosigan's Avatar
    Most of this was already known, as the OP pointed out, however I hadn't read this exact article before.

    I was interested to see that the NSA is interested in the fact that consumers are moving away from BlackBerry. Considering it requires a 'sustained' effort (which would also mean expensive) to hack any significant portion of BlackBerry, I can see why there are conspiracy theories regarding the US government encouraging the media to bash BlackBerry.

    Posted via CB10
    12-31-13 12:44 PM
  11. Cozz4ever's Avatar
    BES has never been hacked.

    The data before and after, yes. But not BES itself. NSA can snoop on BES data but never decrypt it. That's like you looking at the bank safe. Yeah it's right in front of you but it doesn't mean you can see inside the safe when it's locked down.

    Some journalists try to make it the same thing. Just because NSA has the data doesn't mean they know what's in front of them.

    Posted via CB10
    12-31-13 05:57 PM
  12. notafanboy's Avatar
    Time to close this rehashed thread. It's getting old.

    Posted via CB10
    12-31-13 09:46 PM
  13. katiepea's Avatar
    Same rehashed story - how many times do we have to repeat the same crap...?
    Yes, *ANY* GSM or SMS/text is inherently insecure, practically anyone can grab them with a better laptop and some specialty software, and that BIS is outdated crap that's long considered cracked, unlike BES which is still secure as long as it's configured properly (e.g. AES256) and none of the endpoints are compromised.

    Sent from my C6833 using CB Forums mobile app
    You apparently need to read it again, it's not about GSM interception it's about cracking BES
    12-31-13 10:29 PM
  14. aniym's Avatar
    Most of this was already known, as the OP pointed out, however I hadn't read this exact article before.

    I was interested to see that the NSA is interested in the fact that consumers are moving away from BlackBerry. Considering it requires a 'sustained' effort (which would also mean expensive) to hack any significant portion of BlackBerry, I can see why there are conspiracy theories regarding the US government encouraging the media to bash BlackBerry.

    Posted via CB10
    Even if the NSA didn't like BB, it's not like they snapped their fingers and caused the company to shoehorn BB6/7 into touchscreen phones as well as delay BB10 by over 2 years. That is BB's root problem.

    While other OEMs were launching hi-res screens, high quality cameras and app stores filled with brand name apps, BBs looked like they were frozen in time with their ancient OS, no apps, terrible browsing experience and same old dumpy form factor. Is it any surprise the media called them on it?

    Sent from Galaxy Mega 6.3 using Tapatalk
    01-01-14 08:17 AM
  15. Vorkosigan's Avatar
    Even if the NSA didn't like BB, it's not like they snapped their fingers and caused the company to shoehorn BB6/7 into touchscreen phones as well as delay BB10 by over 2 years. That is BB's root problem.

    While other OEMs were launching hi-res screens, high quality cameras and app stores filled with brand name apps, BBs looked like they were frozen in time with their ancient OS, no apps, terrible browsing experience and same old dumpy form factor. Is it any surprise the media called them on it?

    Sent from Galaxy Mega 6.3 using Tapatalk
    I agree there was some cause - however the bashing BlackBerry has gotten has been excessive compared to any other company. Look at food companies - people have died from food poisoning and those companies haven't taken the flak that BlackBerry gets.

    Posted via CB10
    01-01-14 10:01 AM
  16. Zidentia's Avatar
    The essence of the article was retold with the focus on Apple being hacked since 2008. They claim they had full access to iPhones, which should give pause to Apple users. Regardless of the BB hacks it still appears that BB is essentially secure. The systems that use it are not. SMS and voice is a given that it can be pulled from the air. I have not heard that BES itself has been hacked and decrypted.
    01-01-14 11:20 AM
  17. kraidx's Avatar
    Der Spiegel released an article on the 29 December 2013 where it states that the NSA was able to gain access to and read mails sent over BlackBerry's BES email server. It also released other related articles showing how NSA developed a set of tools for iOS phones and other types of attacks.

    This is the link to the article that mentions BlackBerry BES

    The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks - SPIEGEL ONLINE

    For me what strikes the most is the range of tools available to the NSA. They sure have the resources and the man power.

    It proves that privacy, liberties and civil rights are non-existent in technology. That should alarm all of us, however I suspect that it will only strike a chord with the more techie of us.

    It also makes me wonder about the intentions of such agencies, although they shield behind the "national security" tagline it's clear there is more than meets the eye and I would welcome some investigative journalism on the "Why" question and not solely on "Who is doing it and how it's being done".

    Furthermore I believe that encryption should be the norm and not the exception.

    There are tools in development (Hemlis) and others already available (ostel, silent circle, RedPhone) that encrypt communication between devices, not to mention other tools like PGP, TOR, OTR, just to mention a few.

    BlackBerry should take this opportunity to increase its security not just on BES and the standalone phone but also in the communications itself, an end to end solution.....at least between BlackBerry devices.
    kbz1960 and Vorkosigan like this.
    01-01-14 11:30 AM
  18. EchoTango's Avatar
    I'm not sure how much of this is intentionally inaccurate and to what degree the Blackberry communication suite is compromised.

    The NSA currently holds a long term license on the ECC technology and is probably working with BlackBerry to ensure they don't produce a product dangerous to the US government or to the world at large. The algorithms associated with ECC are based on variation as opposed to an unsolvable equation, which is rumored to be close to or has been solved. The level of variation available to ECC is literally infinite which is why the patented encryption is recognized as the future of data security.

    With deception part of the SOP for all intelligence agencies, I'm certain not all published information is real.
    01-01-14 02:27 PM
  19. FSeverino's Avatar
    I didn't read this, don't have time, but...

    There was an article I remember from around that time that said BlackBerry security was hacked... but then went on to say something like the device needed to be in hand, and even then it took an entire team an extended period of time to 'hack'.

    I'll look at this again later. Thanks for posting.

    Posted via CB10
    Sith_Apprentice likes this.
    01-02-14 11:21 AM
  20. Sith_Apprentice's Avatar
    I'm not sure how much of this is intentionally inaccurate and to what degree the Blackberry communication suite is compromised.

    The NSA currently holds a long term license on the ECC technology and is probably working with BlackBerry to ensure they don't produce a product dangerous to the US government or to the world at large. The algorithms associated with ECC are based on variation as opposed to an unsolvable equation, which is rumored to be close to or has been solved. The level of variation available to ECC is literally infinite which is why the patented encryption is recognized as the future of data security.

    With deception part of the SOP for all intelligence agencies, I'm certain not all published information is real.
    And the patents for ECC are held by

    NSA has already produced whitepapers that point to ECC replacing current forms of encryption in the next few years.

    As to the above, I see they can read BES emails, but they don't say where the exploit/crack occurred. It very well could be on the Exchange server side, or the MAPI connection (on previous versions of BES) between BES and Exchange. This would still allow them to read the emails without cracking any sort of encryption.
    01-02-14 11:28 AM
  21. Sith_Apprentice's Avatar
    I didn't read this, don't have time, but...

    There was an article I remember from around that time that said BlackBerry security was hacked... but then went on to say something like the device needed to be in hand, and even then it took an entire team an extended period of time to 'hack'.

    I'll look at this again later. Thanks for posting.

    Posted via CB10
    This is correct, though it was years ago. I don't have an exact link, but it was ridiculously specific on what had to be done.
    01-02-14 11:29 AM
  22. FSeverino's Avatar
    I swear it was posted this (last) year... almost sure it was around the time of the leaks for the iPhone fingerprint scanner

    Posted via CB10
    01-02-14 12:50 PM
  23. Zidentia's Avatar
    Der Spiegel released an article on the 29 December 2013 where it states that the NSA was able to gain access to and read mails sent over BlackBerry's BES email server. It also released other related articles showing how NSA developed a set of tools for iOS phones and other types of attacks.

    This is the link to the article that mentions BlackBerry BES

    The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks - SPIEGEL ONLINE

    For me what strikes the most is the range of tools available to the NSA. They sure have the resources and the man power.

    It proves that privacy, liberties and civil rights are non-existent in technology. That should alarm all of us, however I suspect that it will only strike a chord with the more techie of us.

    It also makes me wonder about the intentions of such agencies, although they shield behind the "national security" tagline it's clear there is more than meets the eye and I would welcome some investigative journalism on the "Why" question and not solely on "Who is doing it and how it's being done".

    Furthermore I believe that encryption should be the norm and not the exception.

    There are tools in development (Hemlis) and others already available (ostel, silent circle, RedPhone) that encrypt communication between devices, not to mention other tools like PGP, TOR, OTR, just to mention a few.

    BlackBerry should take this opportunity to increase its security not just on BES and the standalone phone but also in the communications itself, an end to end solution.....at least between BlackBerry devices.
    It does not say they hacked BES. It says they intercepted email from BES servers. A slight difference.
    01-02-14 04:20 PM
  24. szlevi's Avatar
    You apparently need to read it again, it's not about GSM interception it's about cracking BES
    You are not apparently but definitely either hopelessly clueless or downright unable to interpret what you read - it's clearly NOT about BES being cracked and it's EXPLICITLY discussing surveilling text, voice communication over GSM, along with cracking BIS.


    Sent from my C6833 using CB Forums mobile app
    01-03-14 05:18 PM
  25. szlevi's Avatar
    Der Spiegel released an article on the 29 December 2013 where it states that the NSA was able to gain access to and read mails sent over BlackBerry's BES email server. It also released other related articles showing how NSA developed a set of tools for iOS phones and other types of attacks.

    This is the link to the article that mentions BlackBerry BES

    The NSA Uses Powerful Toolbox in Effort to Spy on Global Networks - SPIEGEL ONLINE

    For me what strikes the most is the range of tools available to the NSA. They sure have the resources and the man power.

    It proves that privacy, liberties and civil rights are non-existent in technology. That should alarm all of us, however I suspect that it will only strike a chord with the more techie of us.

    It also makes me wonder about the intentions of such agencies, although they shield behind the "national security" tagline it's clear there is more than meets the eye and I would welcome some investigative journalism on the "Why" question and not solely on "Who is doing it and how it's being done".

    Furthermore I believe that encryption should be the norm and not the exception.

    There are tools in development (Hemlis) and others already available (ostel, silent circle, RedPhone) that encrypt communication between devices, not to mention other tools like PGP, TOR, OTR, just to mention a few.

    BlackBerry should take this opportunity to increase its security not just on BES and the standalone phone but also in the communications itself, an end to end solution.....at least between BlackBerry devices.
    You're coming very close to changing the meaning of the sentence as you completely stripped it of its context - let me do your job and quote it properly:

    "They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry's BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a "sustained TAO operation," one document states."


    There's only a very vaguely-worded half sentence, right after stating they have infiltrated EU communication networks, about being able to read emails "sent over" BES servers and that it required a sustained operation - this is pretty far from cracking BES itself. Had they done it they 1. wouldn't need to hack into every comm network and 2. they wouldn't need to keep doing it.
    To me it sounds like they figured out some man-in-the-middle hack, likely as a result of some lousy config somewhere along the line (BES itself could be using weaker crypto, i.e. other than AES256, long considered insecure.)

    Sent from my C6833 using CB Forums mobile app
    01-03-14 05:36 PM