I've been meaning to make a thread on this ever since I read the Forbes article yesterday.

Yes, they are coming for the Playstation 4 users. Spying is coming to PS4.

Here is the Forbes article on the matter: http://www.forbes.com/sites/insertcoin/2015/11/14/why-the-paris-isis-terrorists-used-ps4-to-plan-attacks/

I see they added a Correction to this article:

Correction:This post has been edited as it has not been confirmed that a console was found as a result of these specific Belgian terror raids. Minister Jambon was speaking about tactics he knows ISIS to be using generally. Evidence gathered in recent raids has not been publicly listed.

It really is ironic, I bought a PS4 because it was just a gaming console and not a device with a infrared camera and microphone that was always on.

Next is steam

They're already on our comps

I hate to see more control and security but even in the teamspeak server for the arma 3 group I'm i a member of, we have discussed detailed bug out plans and meet ups and the such. Half of this is silliness and bullshit but it got me to thinking how easy it would be to communicate anonymously with a coordinated group to plan and carry out an attack. Just a thought

xbox one has been known as spyware since day one

Lol yeah right. How the fuck would terrorist even find out the ps4 could be used like? I smell corporate bullshit behind all this.

This is dumb, they don't rely on these services to maintain message encryption, you'd be using some kind of user level encryption with exchanged keys, at which point, it doesn't matter how the actual encrypted message content is transmitted.

Downvoted because:

erOnuXS/7veeZcNb1EtKyAj41VK5dQRVeQRbfVBxR1ZIiKdZ108Slfb90z5HNr4sNkds7jFZpYzPv6SzX3MVSg==

Emergerd wait, you can't read that because IT'S ENCRYPTED TEXT and you don't have the key. It's almost like terrorists would do this instead of relying on Playstation 4's network and communications architecture.

No cryptography expert here but im guessing that is Base64?

Encryption is only psudeo-random at best, and susceptible to quite a few attacks and vulnerabilities known and unknown, and while arguably civilians wouldn't be able to crack most encryption if any but government on the other hand?

Not "easily" but im almost 100% sure they have the computational power at their disposal to dedicate time to cracking their encrypted messages. (Besides other means of getting keys, like interrogation or something)

And as far as I know: The PS4 was favored because of the large amount of communications that take place on it everyday. (I remember the forbes article mentioning 65 million active users?) Not really easily policed when the general assumption is that it is probably for games or something.

Only the final output is based 64ed in this particular case, after running like half a million iterations of the actual encryption algorithm.

No cryptography expert here

Clearly. You are incorrect in stating the ability for governments to crack properly encrypted messages in any kind of timely manner, unless they have some kind of mythical quantum computer at work. The math behind cryptography has the time required to crunch a well engineered solution taking longer than the age of the universe. It gets even more difficult if you mix and match encryption algorithms in between iterations. Someone intercepting the raw message has no idea even in what order to begin the decoding process, what algorithms, how many times each, when to alternate, etc. It doesn't matter how much computational power they have. The mathematics behind encryption algorithms say it's not enough. You'll be dead long long long before you have an answer.

Oh great, another person on the internet with your kind of personality.

Consider, I don't know the NSA: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&_r=0&pagewanted=all

I know some of this speaks for obtaining messages even before they're encrypted or after their decrypted. Because you know, that also has to happen at some point.

Backdoors, and weakness in encryption are common now. (XOR has a weakness, RSA might have a backdoor, Des and TDES can potentially be bruteforced)

And you're SERIOUSLY undermining how powerful the computers could be just running brute force attacks and then run the result against algorithms to determine if more crypto was used or if its decrypted.

Cryptography is obviously a very powerful tool but the NSA has been on this for years. And considering the DoD spends $11 billion a year on cryptanalysis yeah, they obviously have to be getting some results.

Edit: The problem with running "half a million iterations" by the way, is that another human on the other end of it has to know the keys, and how to decrypt it. Making a ton of different cryptos ontop of each other is chance they might not even be able to see the message themselves.

Oh great, another person on the internet with your kind of personality.

Wow really? Wtf? Well, sorry we can't all be as pompous as you.

And you're SERIOUSLY undermining how powerful the computers could be just running brute force attacks.

You can't brute force a strong encryption algorithm in any reasonable amount of time. This is the whole point of the math behind behind cryptography. This is crypto 101 stuff.

Here's Schnier on the matter: https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html

Honestly, I'm skeptical. Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts.

So don't take it from me...

The problem with running "half a million iterations" by the way, is that another human on the other end of it has to know the keys, and how to decrypt it.

Um, that's like half my point. You can't rely on "internet encryption" (per title of article you posted). SSL is completely compromised for example particularly at the CA level.

Instead, you'd want perform encryption and decryption offline, through previously exchanged keys and customized standalone encryption and decryption modules. "That another human on the other end of it has to know the keys, and how to decrypt it" is exactly why it's more secure than simply relying on encryption at level of a compromised service provider.

And the whole point of the article I linked, is that the NSA has been implementing back doors, and hiring people to come up with ways to beat cryptography. Yes SSL is dead, but I never mentioned that in my reply, just a few examples of commonly used offline crypto.

The article is good though, but its 3 years old, god knows what could have changed. Continuing on:

Um, that's like half my point. You can't rely on "internet encryption"

The problem with encryption and these 2048 bit keys and so on, is that a key like that isn't able to be transferred without some kind of medium for data or the internet. You really can't just right down something that long. So if you use a flash drive, or something to keep the key on, that's a huge risk because the key can't change.

Anything longer than 2³⁹ as stated by your link can't really be cracked as of 2 years ago, but times change. I'm not saying they're cracking 1024 bit keys by any means but there are just too much assumptions that have to be taken to come up with a side in this.

Me personally: I just don't see as encryption as being enough.

Me personally: I just don't see as encryption as being enough.

great for security in transit, but as mentioned at some point it must be decrypted and displayed/printed/watched/listened to and recorded or noted down. at this point unless you built the device that does that yourself and operate it in a hardened ultrasecure bunker you are vulnerable

The key can be encrypted with a fairly long password that's only stored in your head (ad infinitum). In any case the actual crypto itself is not going to be bruteforced. Even if the NSA has some fancy math tricks that are unknown to researchers or the public it's unlikely to decrease the runtime significantly. The bruteforce is limited by processor speed, and I highly doubt they have the next-next-gen of processors in a supercomputer cluster when IBM and it's ilk are struggling to make marginal % gains in speed.

You're thinking far too limited in scale. No need for CPU's when you have GPU's which would be much faster at this and can spread it over numerous cores.

I'm not saying this is what the NSA is doing encryption is useless, but it's not completely impossible either. Especially with shorter keys like anything <39 bits in length.

I'm open minded, but this GPU cluster would have to be literally millions upon millions of times faster than most existing CPUs to have a chance at brute forcing the key. In any case most of the time the encryption is made moot when there's so many other leaks of information from other sources (cell data, session cookies, etc.) that tells a good story. Most of the time there is probably little need to really crack encryption anyways.

I got interested and did a quick bit of googling: In terms of raw processing power, The newest i7's do roughly 81-113 FGlops NVIDIA's Quadro M6000 can do 6.07 TFlops. So it's not millions but it's about 55~75x more powerful.

Still though, I agree that yes cracking encryption is most likely rarely needed.

decrypt this: orange mustang sunset expert

william binneys own words "use codes not cyphers"

computers are good at cracking cyphers it takes a human to crack codes

XOR has a weakness

that was quite funny i must say!

I can't tell if you're trolling or what but

https://en.wikipedia.org/wiki/Stream_cipher_attack https://en.wikipedia.org/wiki/Known-plaintext_attack (to some extent this)

The ps4 is recording you game play all the time in case you wanna share it. So I do know the ps4 has a record data base . Even when you have finished the game play if u decide u what to you can. So in my thinking it's alway listening and recording

not exactly. it saves as a temporary file (whether your are online or not) which you can save and share before the game ends, when the game ends they don't keep the data (to the best of my knowledge)

What would spying do? You can't spy on voice comms in game. Now thats comical.

...Yes. You can. You can record yourself, microsoft certainly records, you can intercept it at a datacenter in the middle (which the NSA does), you could root the system, and so forth.

THEY CAN NOT HEAR YOU TALKING ON YOUR MIC TO A FRIEND IN GAME. YOU ARE RETARDED

I'm sorry, you must not have read my username. It's /u/cttechnician/. As in, I fix computers for a living and knowing this sort of thing is my job description. I assure you, they can, in point of fact, listen in on your conversations to your friends over XBL and PSN in a game. It's been used in more than one case here recently where this sort of 'wiretapping' has lead to arrests.

I'm sorry if this causes you distress, but none of your communications over any network are secure any more. Even 'encrypted' communications have government backdoors built in. I suggest reading into Carnivore and man in the middle attacks for starters.

Nice! Your name means nothing to me.

They CAN NOT listen to me speak to my friend in a public Call of Duty/Battlefield or whatever else games' deathmatch. Unless they were in that deathmatch.

Your chat passes from your device (which could be rooted), through your ISP (which does send copies of all traffic in transit to the Utah datacenter, aka Tyrannosaur), through PSN (which likely records and retains data for a two week or more period), through everyone else's ISPs (also sending traffic in transit to the NSA), to your teammates' devices (which could also be rooted).

Yes. They not only can listen to your chatter at every point in transit, they do. There may not be a human going over every single thing at every single second, but you can bet your ass it's being fed through voice recognition software, transcribed, and then searched for key words and phrases.

But if you'd like to pretend I'm wrong and I'm talking out my ass, by all means, continue to do so.

I thought he was trolling you but I think he is actually serious...

He's super serial. I think he genuinely doesn't understand how technology works.

Surely you realise that any data stream can be captured and decoded. GSM phones, for example, transmit voice communications over an encrypted channel and it's a pretty well known fact that mobile phone conversations are often intercepted by the authorities in investigations. Why do you think that this wouldn't be possible for a voice conversation over PSN?

I'm not attacking your opinion, I am genuinely interested in what you think.

This is correct. Any data stream can be compromised at any point from end to end, it's only a matter of compromising the right device.

They can hear you. It's all data. It all travels through their network.

That is.. not yet.

[deleted]

No one uses the kinect for a mic. Its absolutely garbage.

No one? You've surveyed every XBOX 1 user in the world and determined nobody uses it?

I don't, it might be true. ;-)

not exactly. it saves as a temporary file (whether your are online or not) which you can save and share before the game ends, when the game ends they don't keep the data (to the best of my knowledge)

Surely you realise that any data stream can be captured and decoded. GSM phones, for example, transmit voice communications over an encrypted channel and it's a pretty well known fact that mobile phone conversations are often intercepted by the authorities in investigations. Why do you think that this wouldn't be possible for a voice conversation over PSN?

I'm not attacking your opinion, I am genuinely interested in what you think.