棱镜门事件已经过去了很长一段时间,但是到现在仍陆续会爆出一些新料。本篇就最新爆料内容做个简单解读。详细内容可自行寻觅原文。
本次爆料内容准确说是 加密分析及利用服务(CRYPTANALYSIS & EXPLOITATION)及针对定点系统分析(ANALYSIS OF TARGET SYSTEM)部分的黑色预算。
这个项目是与美国SIGINT系统集成(就是那个互联网流量、光缆监听和路由控制)一体的,进行监听、植入、解密、分析的项目。实际上这些项目都是由美国一个中心进行的运行,并且在五眼范围内进行共享。
本篇主要摘录其中比较有意思的部分,首先是预算,编制啦。
2011年实际发生费用39.4 $M,也就是大概2.47亿RMB(按当前汇率);2012年略降至35.1 $M,也就是约2.2亿RMB;2013年进一步降至34.3 $M,也就是约2.15亿RMB。2013比2012下降了大概2%。
2011年全职社会员工240人,军方员工2人;2012年社会员工减至211人,军方员工维持2人不不变;2013年社会员工进一步减至201人,军方员工仍维持2人不变。
个人认为预算和人员的缩减,是因为系统已经基本建成,进入稳定运行阶段,所以开始逐年有所缩减。
同时这个泄露的文档也对此项目基本人员的用途进行了描述,其实这也是对这个项目目前的基础功能范围:
- (S//SI//REL TO USA, FVEY) Conduct vulnerability analysis and develop exploitation capabilities against network communications products and commercial network security products, including protocol structure, authentication and access control data integrity, and non-application layer encryption for integration into Endpoint and MidPoint access solutions for use against high-priority SIGINT targets. /分析漏洞,针对网络通信产品和安全产品开发利用能力。
- (TS//SI//REL TO USA, FVEY) Provide target exemplar secure communications product, both foreign and domestic produced, to pursue, vulnerability analysis and develop exploitation capabilities against the authentication and encryption schemes. /提供对国内外安全通信产品的认证、加解密的漏洞分析和攻击能力。
- (S//SI//REL TO USA, FVEY) Support work to provide capabilities against emerging communications technologies through error correction, demodulation, reverse-engineering, multiplexers, and personal communications interfaces. /提供针对新兴通信技术的能力。
- (S//SI//REL TO USA, FVEY) Perform analysis of information security systems, products, and services in order to develop exploitation solutions designed to address customer-driven and anticipatory requirements. /提供针对“客户驱动”和前瞻性的针对信息安全系统、服务的分析,以开发漏洞利用方案。
- (S//SI//REL TO USA, FVEY) Anticipate future encryption technologies of SIGINT targets and prepare strategies to exploit those technologies. /针对SIGNT系统对象的前瞻性加密技术利用储备。
- (TS//SI//REL TO USA, FVEY) Develop, enhance, and implement software attacks against encrypted signals. /提供针对加密通信信号的攻击能力。
- (TS//SI//REL TO USA, FVEY) Develop exploitation capabilities against specific key management and authentication schemes. /提供针对制定秘钥管理认证场景的利用能力。
- (TS//SI//REL TO USA, FVEY) Analyze and develop exploitation capabilities against emerging multimedia applications (Video, voice, fax, data compression, and file formats) and multiplexer capabilities. /分析和开发针对多媒体应用的漏洞利用能力。
- (TS//SI//REL TO USA, FVEY) Provide hardware and software tools for analyzing and developing methods of exploiting known or emerging information systems that are likely to be employed by targets to store, manage, protect, or communicate data of SIGINT values. /提供攻击利用相关软硬件工具。
- (S//SI//REL TO USA, FVEY) Perform reverse-engineering of hardware and software-based encryption systems, develop reverse-engineering tools and techniques useful to the reverse engineering community at large, and provide cryptanalytic engineering services to the cryptanalytic community. /对基于软硬件的加密系统进行逆向,开发逆向工具和技术。
- (S//SI//REL TO USA, FVEY) Maintain state-of-the-art laboratory networks directly supporting analysis of application-layer encryption products, hardware reverse-engineering, communications systems analysis, simulation of target implementation scenario, vulnerability detection, and cryptanalytic assistance to Computer Network Exploitation (CNE). /维护一个最先进的实验室。
- (TS//SI//REL TO USA, FVEY) Develop cryptanalytic capabilities and provide comprehensive support to facilitate CNE operations against target systems and to facilitate offensive/defensive Computer Network Operations (CNO). /通信密码分析能力。
- (S//SI//REL TO USA FVEY) Create comprehensive CNO capabilities, including Radio Frequency (RF)-based, against highly mobile and re-configurable communications networks, and support their integration into multiple military service-level elements. /计算机网络运行能力,包括利用RF、高度移动和可重配设备的网络支持能力,我理解这指的是针对TAO提供的一些高级间谍攻击的支持能力。
- (S//SI//REL TO USA, FVEY) Guide the future design and effective use of cryptanalytic computers to meet the needs of the cryptanalytic community. /指导未来密码分析计算机的设计和高效使用,以满足密码分析团队需求。
- (S//SI//RELTO USA, FVEY) Support investment in reverse engineering through partnerships with National Laboratories and engineering services Contractors. /支持通过国家实验室和逆向服务承包商的合作伙伴关系来进行逆向工作的的投资。
- (S//SI//RELTO USA, FVEY) Develop Initial recognition, exploitation, and prototype solutions against new technology targets. These capabilities are integrated into the processing and exploitation infrastructure or into customized tactical exploitation capabilities. /开发针对新技术对象的漏洞利用和原型方案,估计指iphone之类。
- (TS//SI//REL TO USA, FVEY) Develop methods to discover and exploit communication systems employing public key cryptography. /开发针对pki加密的发现和利用能力,我猜除了密码学破解范畴内的,还有通过SGINT监听相关厂家,或者APT方式偷秘钥。
- (S//SI//REL TO USA, FVEY) Develop methods to exploit communications protected by passwords or passphrases. /开发针对使用密码加密通信的利用能力,我估计指的是针对利用流量劫持获取的使用密码加密的文件的破解。
- (UI/FOUO) Serve as the Cryptanalysis and Exploitation Services (CES) experts in the use of High Performance Computing hardware. Consult with other organizations on the most efficient utilization of these devices and participate in their design and development. /提供高性能硬件的运维、咨询。
- (TS//SI//REL TO USA, FVEY) Develop exploitation processes for a variety of advanced communication security systems. These include Public Key Cryptography and Virtual Private Network (VPN) systems. Manage mature exploitation processes and develop tools to aid in exploitation of internet security protocols and administration. /开发针对高级加密通信的利用能力,包括PKI相关和VPN系统。
- (UI/FOUO) Provide for training in state-of-the-art computing technologies and travel for collaborative analysis and interaction with foreign and domestic partners. /提供培训。
在FY 2013,项目的能力并没有计划进行新增。
除此之外,所谓CCP专家需要在FY 2013完成以下任务:
- (S//SI//REL TO USA, FVEY) Develop new capabilities against 50 commercial information security device products to exploit emerging technologies. /开发针对50个商用信息安全产品的攻击利用。
- (TS//SI//REL TO USA, FVEY) Contribute to the design and development of four additional enabled solutions to help defeat data security systems that are used or may be used by SIGINT targets. /继续设计开发针对SIGINT对象可能使用的数据安全系统的攻击能力。
- (S//SI//REL TO USA, FVEY) Support SIGINT Forensics by extracting data from 10 additional hardware devices In support of prototype exploitation capability development. /对针对10个新增的硬件设备的通过SIGINT的分析取证(就是从抓包中恢复文件)能力的扩展。
- (S//SI//REL TO USA, FVEY) Develop 40 new capabilities (including new algorithms, processes and procedures) to exploit target information systems and technologies. /开发40个针对新算法、处理和过程的新攻击利用新能力
- (TS//SI// REL TO USA, FVEY) Develop 10 new capabilities to include new password recovery strategies, new password attacks on new hardware, automating password attacks, solving particular public-key crypt problems, discovering new targets that result in cryptanalytic gains for CES and developing new attacks against VPN technologies. /开发10个针对VPN技术新皮杰能力。