SSH inventor analyzes tools the CIA wrote to exploit his protocol
The CIA hacking tools called Gyrfalcon and BothanSpy, as described in documents released by anti-secrecy group WikiLeaks, are “effective, but surprisingly unsophisticated,” according to Tatu Ylonen. And he should know — he invented the security protocol they exploit.
In a blog post he published Wednesday, Ylonen — inventor of the Secure Shell or SSH security protocol — analyzes the descriptions of the tools provided by WikiLeaks. The group, which has not released the source code for the exploits, published classified “user guides” for the two tools earlier in July as part of a trove of stolen documentation about CIA hacking tools they’ve dubbed Vault 7.
“From the [documents], it is easy to figure out how they work,” Ylonen told CyberScoop of the exploits, which are designed to let hackers move around an IT network once they’ve compromised a single machine. In an interview, he speculated they probably would have taken “a few weeks of work” to develop, “depending on the background” of the coder.
BothanSpy targets Xshell — a “fairly esoteric” SSH client program that runs on Windows systems — whereas Gyrfalcon targets the “extremely widely used” OpenSSH protocol that works on Linux.
“These are tools for enterprise systems,” he said, “They are not [for] spying on individuals like terrorists.”
Both the tools exploit the way that SSH is implemented in many large enterprises. SSH allows secure, encrypted access by individual users to servers and other network assets in a distributed enterprise, and it also facilitates automated machine-to-machine communications in the same secure fashion. But without careful management, the digital keys that enable that communication can proliferate and end up stored in insecure, easily found locations on the network. If they’re stolen by an attacker with a toe-hold in the system, he or she can use them to move freely throughout.
Both the CIA tools are designed to “obtain … additional credentials (passwords, SSH keys) once the attacker has already penetrated a user’s laptop or desktop using other methods,” Ylonen writes. Depending on how poor the enterprise’s key management practices are, even a single SSH key “can in many cases lead to compromise of the entire server environment.”
Ylonen has been warning for five years now that poorly managed SSH keys could be a boon for hackers. He came out of retirement in 2012 to start banging the drum.
In one large financial institution where Ylonen’s company was engaged for several years, his staff went through “about 25 percent of the their server environment, approximately 15,000 servers; 500 of their most critical applications.”
They found more than 3 million keys, but Ylonen says that is typical. “In most enterprises, 90 percent or more of the keys we find are no longer used at all.”
More worryingly, on average about 10 percent of them are configured to grant root access — the highest level of administrative access. “With root access you can install malware, you can grant access to anyone, you can tamper with or destroy data,” said Ylonen, “You can do whatever you want.”
So severe are the security issues created by poor key management that in its latest product, SSH Communications Security does away with keys altogether. The PrivX On-Demand Access Manager secures machine-to-machine communications without any permanent access keys at all, instead using only short-term, temporary credentials that are created on demand for those whose Active Directory status entitles them to access, and loaded via their web browser.
“The deployment is incredibly lightweight,” said Ylonen, “and it scales much better than trying to manage privileged access through rotating password changes or certificate vaults.”
