"In 2013, GCHQ received considerable media attention when the former National Security Agency contractor Edward Snowden revealed that the agency was in the process of collecting all online and telephone data in the UK via the Tempora programme."
A year ago someone in my research group claimed that they were 'getting into cyber'. I looked around the room and almost every other member of the group looked confused and a little concerned.
Apparently 'cyber' has become a byword for 'cyber security'. I hope that this does not last.
I wouldn't get your hopes up, from the people who brought you forensic (i.e. legal) as a byword for science.
We immediately began mocking them with a Buzz Lightyear graphic.
I take it you have no exposure to the public sector? Referring to "Cyber" as "IT/Info/Computer/Network Security" will immediately identify you as an outsider in many public sector positions.
EDIT: I've managed to get rid of this pesky Cyber Monday out of the graph!
Edit: there's also an interesting spike in Google trends for "cyber" every November. National Cyber Security Awareness Month is in October.
That said, how could they possibly collect or intercept this, isn't it a bunch of client side scripts, all hosted on GitHub?
Or the right circumstances could cause the library to make requests to their secret government hacking command-and-control server.
Seeing that they released this at github.com/gchq/..., I'd keep my eyes open for requests to secret-hacked-data-backchannel.open-exploit-project.gchq.co.uk
(Or, with less sarcasm: this is probably the project on github with the lowest possibility of containing government backdoors).
(or maybe that's just what they want you to believe)
(or maybe that's just what /we/ want you to believe)
(or maybe that's just what /I/ want you to believe)
>it should be noted that the analyst is not a professional developer and the code has not been peer-reviewed for compliance with a formal specification
>Cryptographic operations in CyberChef should not be relied upon to provide security in any situation. No guarantee is offered for their correctness.
Because that would be a logical fallacy.
print("".join(chr(int(x,2)) for x in "11100111 10111011 10011101 11100100 10111000 10001101 11100100 10111100 10011010 11100110 10010100 10111110 11100101 10111100 10000011 11100100 10111101 10100000".split()))
I don't deny that other tools might make this faster.
Also, nice puzzle! :-)
Well played. :)
// That's a bad miss!
The interface is really slick and it lets you create an infinite number of recipes/permutations.
String processing is much of what we do in security.
Yay for GCHQ. You'll find me at the bottom of this page due to an omission of obligatory IC bashing and Snowden fanboyism.
> You'll find me at the bottom of this page due to an omission of obligatory IC bashing and Snowden fanboyism.
There was no need, really.
Please don't bait other users by inviting them to downvote you or announce that you expect to get downvoted.
There's bashing against malpractice, illegal data gathering and in general against any abuse of other people's freedom.
But my comment was about the guidelines. There's no need to call that out and helps no one. You could have accomplished a better outcome just by highlighting positive stuff about the IC, like this very same set of tools. And please don't get me wrong, I'm not trying to patronize anyone here, I'm just a mere HN reader.
I for one am glad to see that there's at least one other person on HN who appears to share my views on the IC & Snowden.
Are you serious? Any programming language with an interactive interface would work much better than this kind of web app for any day-to-day work.
Of course, this is great for introducing kids to real programming.
I wonder if that image has had many visitors ...
Also worth considering:
1. Take a base64 encoded payload as Input: "AAAAI9Dw0qHYq9+61/XPtJS20bTAn+yV5o/hh+jK8J7rh+vLtpbr". I use the "From Base64" module.
2. The result is differential XOR crypt. The seed is 171. I select the XOR module and use 171 as the key. Then I pick "differential" option. Doesn't work.
Am I missing something? This is a very simple example.
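The simple Python code that decodes it is this:
import base64
import struct

def decrypt(data):
    # Chained XOR: each input byte becomes the key for the next byte
    key = 171
    result = ""
    for byte in data:
        result += chr(key ^ byte)
        key = byte
    return result

string = "AAAAKtDygfiL/5r31e+UtsWg1Iv5nPCR6LfEsNGlwOLYo4HyhueT9tTu36Lfog=="
raw = base64.b64decode(string)
print("decoded: ", decrypt(raw[4:]))
# The first 4 decoded bytes are a big-endian length prefix
print("Length: ", struct.unpack(">I", raw[0:4])[0])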
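An added example, not part of the original comment and not CyberChef's code: it runs a chained XOR in both directions over the first payload quoted above, to show that only chaining on the previous input byte recovers readable text. The function names are hypothetical, and which direction CyberChef's "differential" option used is not stated on this page.

```python
import base64
import struct

SEED = 171  # initial key given in the comment above

# First payload quoted in the comment above.
PAYLOAD = "AAAAI9Dw0qHYq9+61/XPtJS20bTAn+yV5o/hh+jK8J7rh+vLtpbr"


def xor_chain_on_input(data, seed=SEED):
    """XOR each byte with the previous *input* byte (what the comment's loop does)."""
    out, key = bytearray(), seed
    for b in data:
        out.append(key ^ b)
        key = b              # next key = byte just read
    return bytes(out)


def xor_chain_on_output(data, seed=SEED):
    """XOR each byte with the previous *output* byte (the inverse direction)."""
    out, key = bytearray(), seed
    for b in data:
        key ^= b             # next key = byte just written
        out.append(key)
    return bytes(out)


def split_frame(b64):
    """Return (length prefix, body); the prefix is 4 bytes, big-endian."""
    raw = base64.b64decode(b64)
    (length,) = struct.unpack(">I", raw[:4])
    if length != len(raw) - 4:
        raise ValueError("length prefix %d != body size %d" % (length, len(raw) - 4))
    return length, raw[4:]


def build_frame(plaintext):
    """Inverse of decoding: chain on output, prepend the length, Base64-encode."""
    body = xor_chain_on_output(plaintext)
    return base64.b64encode(struct.pack(">I", len(body)) + body).decode()


if __name__ == "__main__":
    length, body = split_frame(PAYLOAD)
    print("length prefix  :", length)
    print("chain on input :", xor_chain_on_input(body))
    print("chain on output:", xor_chain_on_output(body))
```

Both directions agree on the first byte, because it is XORed with the seed either way; they diverge from the second byte on.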
If I were a spook, I would totally be releasing reversing tools that alerted on my encoded code words.
Then you download it, and open it in a sandbox VM with no Internet access
Here is my attempt to make something similar although less featureful: https://encoder.secapps.com/
I will try to incorporate some of these features.
From the About link:
> "CyberChef encourages both technical and non-technical people to explore data formats, encryption and compression."
> "It is expected that CyberChef will be useful for cybersecurity and antivirus companies."
From the backing Github readme, which as far as I can see is not directly linked on the page:
> "Cryptographic operations in CyberChef should not be relied upon to provide security in any situation. No guarantee is offered for their correctness."
Now, it's fair to say that professional security types should assume the 'no guarantee' bit. But it's not fair to offer it up as a one-stop-shop for non-programmers to handle encryption tasks, and then offer no caveat at all in the primary reference page. It's even less acceptable when the About page implies the opposite.
My complaint was more that this is another entry in the pattern of handing people black boxes labeled "this does cryptography!", without offering any plain-English explanation of what they're actually getting.
It felt particularly important to me here because it's a comparatively new initiative, and the caveat went on the Readme (seen by users who already know) but not the About (targeting users who might not).
I guess I am paranoid about potential backdoors - something that non-crypto people wouldn't know or understand. Heck - who knows, there could be something in there that even the crypto community could miss...?
In our current world, I don't think my paranoia is misplaced. This project may be perfectly safe, offered transparently and no funny business. But then again, who really knows? Unless you are one of those experts in cryptography (and even then, as I understand it, that doesn't guarantee anything) - there could be subtle changes that could potentially open things up for "bad actors"...
I guess I'm saying "trust but verify"...?
Fair point, but I'd imagine that's just something that their legal dept. made them put up.
The API seems a bit weird though...
Oh my God, you weren't kidding.
EDIT: In lieu of downvoting, would someone like to explain their disagreement? I'm curious. Perhaps this would open up certain programming powers up to non-coders, but for anyone who knows how to code, it seems much easier to just write a script to make these kinds of transformations.
The security analysts need to consider data from thousands of different alerts on a daily basis. There is definitely room for automation, but I think there will always be some need for human judgement and manual analysis (which tools like this will greatly expedite).
Since everything is really text here, the typical UNIX way of doing things seems to be much more practical in dealing with text transformations here. I second your `Bash' opinion. I could imagine a package populating your PATH, as in
cat FILE | toBase64 | entropy
Alas, point-and-click lovers seem to be the majority here on HN.
All transformations are readily available in the standard library of a language like Python or Ruby. And note that this CyberChef tool doesn't chain them together either. The user does that. Likewise with a Python or Ruby script.
I guess I can see how this would be useful if you don't know how to code, but I don't know anyone who would be able to use a tool like this who doesn't know how to code.
Also, I can see how this would be useful in the same way that a web app like jsfiddle is useful, to make a quick example to share with others.
In any case, I'm clearly wrong, since I've been so highly downvoted.
Perhaps because I'm skilled at Vim, using Python and Vim is unquestionably quicker for me than using a mouse to drag/paste/click a bunch of boxes around for any imaginable use case. I suppose if you're used to using mouse-driven programming environments like Windows often is used, this might be quicker...
I might actually do this from now on. Have my <noscript> be more than just "You must enable JS to use this" but instead actually display useful information about what it does.
There are well over 100 operations in CyberChef allowing you to carry out simple and complex tasks easily. Here are some examples:
Decode a Base64-encoded string
Convert a date and time to a different time zone
Parse a Teredo IPv6 address
Convert data from a hexdump, then decompress
Display multiple timestamps as full dates
Carry out different operations on data of different types
As much of a problem as I have with web pages using gratuitous JS, it should be obvious that actual web applications such as this and gmail will not be able to "gracefully degrade".
Actually, gmail in particular DOES have a no-js version.
Go to "Setting," click on "Help," then enter "Basic HTML view" in the search field, then click on "Standard view and basic HTML view," then "basic HTML view," then, if you wish to preserve the setting, on "set basic HTML as default view."
It's also a sobering thought that the people who wrote this stuff (seems neat) may be able to uncover my deepest secrets in seconds if they were so inclined.
And being geeks, I'm sure they read this. gulp
(As far as I can tell, github.com/gchq is from the actual GCHQ.)
This is mostly a job ad. Don't go there. It's not moral.
No one is telling the user what he should use this for, there's plenty of situations where you might want to convert/encrypt/elaborate data without being launch codes for nuclear missiles and this seems like a pretty good tool, all browser based too, opposite of many other more famous tools that require communication with a server.
I am not talking about the actual encryption/decryption/data-wrangling stuff in this HTML page. All of this is obviously very neat and very usable.
The reason I do think this is a job ad is the fact that it's the GCHQ that is publishing it. Seriously, a spook agency is publishing neat open source stuff. I can only think of two reasons for this to happen and both align:
a) employee happiness (few people enjoy doing stuff in secrecy, I think)
b) using the by now well-established mechanics of corporate branding to make the GCHQ appealing to a larger amount of developers/hackers.
I think the latter is the dominant factor, and this is why I called this a job ad.
This is propaganda.
If they succeed in broadening their pool of applicants, ideological diversity would increase. That may make it more likely that objections such as yours are raised internally.
(counterarguments: their productivity may rise quicker than their morals can, making the net effect negative, or the institution is stronger and changes the individual instead of the other way around)
Another disparate thought:
The NSA we've seen so far appears to have been infinite reach, but with very limited analysis capability. E.g. they have an army of humans trying to make sense of the mountains of data. Just imagine their capabilities when they have applied (already, perhaps) deep learning to this data feed. This is scary shit.
Suddenly they will have a very deep profile on every connected individual on earth (like 75% by now?).
Rarely is propaganda actually useful. Are "Swiss" army knives propaganda for the Switzerland military?