NSA's Payload for the 'Phuctorable' MikroTik Routers Found

Kaspersky Inc has published an analysis (archived) of a MS Windows rootkit, therein nicknamed "Slingshot".

The item exhibits the traditional smell of USG-authored shitware, e.g. validly-signed Windows drivers for the persistence layer. However the more interesting aspect is that it is spread via infected routers, of a type which, astonishingly even for consumer shitware, forces the execution of a x86 Windows binary for initial configuration.

An infected router dutifully augments this configurator with a rootkit installer; the rootkit, in turn, contains the typical keylogger and saved-password-collector, network topology probe, etc. components.

The more interesting and "unmentioned/unmentionable" aspect is however the identity of the router's manufacturer:

MikroTik. That very same Latvian USG shill company that's been deploying routers with nonfunctional RNGs and trivially-Phuctorable SSH keys for its entire existence. And dutifully spreads obfuscatory squid ink whenever the danger of public exposure seems acute.

113 GigaWatt Hours Go Missing In Europe

The possibility of converting electrical current, wherever found, directly into coin appears to have added yet another fungible item to the list of socialist "people's properties" liable to get spontaneously "redistributed" by their "servant leader" caretakers — via the quite familiar, to inhabitants of the ex-soviet world, "complicated dance through which to steal the shebang while leaving behind the appearance, in the manner of termites".

Concretely: the European Union's "Continental European Power System", "a large synchronized area stretching from Spain to Turkey and from Poland to Netherlands; encompassing 25 countries", reported (archived) on March 6, 2018, a sudden energy deficit summing to 113 GWh (i.e. 3.6 terajoules):

The power deviations are originating from the control area called Serbia, Macedonia, Montenegro (SMM block) and specifically Kosovo and Serbia. The power deviations have led to a slight decrease in the electric frequency average. This average frequency deviation, that has never happened in any similar way in the CE Power system, must cease. The missing energy amounts currently to 113 GWh. The question of who will compensate for this loss has to be answered.

MtGox Coins Getting Dumped In Waterfall

A March 7, 2018 report (archived) by the MtGox liquidator to the Tokyo District Court
indicated that 35,841.00701 BTC and 34,008.00701 BCC — corresponding to some portion of the coins looted from the MtGox userbase in 2014 — have in recent months lavishly fed the waterfall, i.e. sold for fiat (42,988,044,343 JPY, ~= 405.4M USD at today's rate.)

Acute Pantsuit Inconsistency Shows Internal Disregard For Their Illusion of "Franchise"

On February 12, 2018:

The United States warned the Democratic Republic of Congo on Monday against using an electronic voting system for a long-delayed presidential election in December this year because it has the potential to undermine the credibility of the poll. U.S. Ambassador to the United Nations Nikki Haley told an informal U.N. Security Council meeting on the Congolese electoral process that deploying "an unfamiliar technology for the first time during a crucial election is an enormous risk."

Two days later:

Congressional Democrats introduced legislation on Wednesday that would provide more than $1 billion to boost cyber security of U.S. voting systems, and Vice President Mike Pence defended the administration’s efforts to protect polls from hackers…. "We cannot let the Russians laugh about and take joy in the success they had in the last election," Nancy Pelosi, the Democratic leader in the House of Representatives, told a news conference. "Their goal is to undermine democracy."

The hidden gem, of course being:

The Democrats’ Election Security Act would allocate $1 billion in grants, overseen by the U.S. Election Commission, this year to help states buy voting machines that incorporate backup paper ballots, hire security staff and conduct risk assessments.

That is to say: a lightly-cloaked mandate for the installation of Diebold-style "user friendly" mechanisms for untraceable ballot-stuffing in place of the traditional paper-punch machines which were reintroduced in a number of U.S. states following the 2004 "hanging chads" e-voting election. And, naturally, a quite-undisguised mandate for the institution of a centralized bureaucracy which will centrally supply properly kosher voting machines, centrally networked, which are to produce properly kosher, per the DNC's lights, electoral outcomes.

It would seem that USG now pushes one voodoo in one of its Congoes, and a polar-opposite hoodoo in the other, without – unsurprisingly – much in the way of an explanation.

Amazon Rolls Out An Index Librorum Prohibitorum

Trump's chief strategist Steve Bannon recently compared the ongoing controlled demolition of Europe by marauding orc hordes to a scenario portrayed in an obscure novel, The Camp of the Saints (1973) by Jean Raspail.

The response by Amazon, the world's foremost peddler of DRM-laden electronic chumpware "books" was swift, merciless, and mindblowingly "original" : let's ban some books! And so if you want to obtain a copy of The Camp of the Saints from Amazon, you will now have to settle for a $2,000 collectible edition, because the Kindle chumpware item has vanished, having been made "…unavailable because there are significant quality issues with the source file supplied by the publisher. The publisher has been notified and we will make the book available as soon as we receive a corrected file."

Similar "quality control" problems have immediately cropped up in another alleged Bannon favourite, Julias Evola's Revolt Against the Modern World. And it turns out that Hitler's mega-bestseller Mein Kampf has also sprouted some sudden bit rot.

Peace in our time.

Phuctor Reveals 1 in ~2700 SSH-capable Machines On The Internet Still "Debianized"

Phuctor is a public service operated by S.NSA. It catalogues extant RSA public keys which are inexpensively breakable by any known means.

A short "trip down memory lane" is in order. From 2006 to 2008, Debian shipped with a sabotaged SSH key generator — which was capable of producing strictly 32768 distinct private keys of any given length.

According to Official Truth, this particular story ended in 2008, when the Debian "bug" was fixed. But in reality, a carefully-engineered boobytrap is truly a gift that keeps on giving.

Phuctor has been digesting SSH keys obtained from a scan of the complete IPv4 space since June of 2016. These have yielded, and continue to yield, breakable RSA moduli.

On Wednesday, November the 16th, factors from 168923 trivially-breakable "Debianized" RSA keys1 were added to Phuctor's database. This resulted in a discovery of 1366 distinct hits, distributed across 689 newly-broken RSA moduli. The count of RSA SSH keys (each found at a particular scanned IP, and not necessarily unique) present in Phuctor's database at the time was 2941798. The 689 moduli represented a set of 1074 IP addresses where a machine had responded to an SSH query.2

This leads us to an interesting conclusion: roughly 1 in 2700 SSH-capable machines in the IPv4 space is actively making use of a "Debianized" SSH key, even today; its traffic is effortlessly transparent to enemy eyes.

Peace in our time, shitgnomes!


  1. Many of these Linux boxes are likewise using a "Debianized" SSH key for remote login. And if you, the reader, can find and forensically-instrument such a machine, it may prove to be an excellent source of NSAware for the discerning entomologist.  

  2. Plus one other very peculiar key, appearing to belong to a USG provocateur organization called "Mayfirst". It seems to have started life as an SSH key, and is clearly Debianized, but it is not part of the set we converted to RFC4880 format for digestion in Phuctor. Instead, it had been gathered from SKS as part of Phuctor's original working set!  

RNG Whitening Bug Weakened All Versions of GPG

Werner Koch, maintainer of Libgcrypt and GnuPG, announced today:

"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions. … All Libgcrypt and GnuPG versions released before 2016-08-17 are affected on all platforms. A first analysis on the impact of this bug in GnuPG shows that existing RSA keys are not weakened."

However, in the text of one of the patches (archived) which accompanied this announcement, we find a slightly different statement:

"This bug does not affect the default generation of keys because running gpg for key creation creates at most 2 keys from the pool: For a single 4096 bit RSA key 512 byte of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable."

In effect, this means that no key created with GPG to date carries more than 580 bytes of effective entropy (e.g., all 4096-bit and above RSA keys have 'subkeys' which – we now find – mathematically relate, in a possibly-exploitable way, to the primary key.)

It should be remembered that, due to the structure of the OpenPGP format, breaking a GPG subkey is often quite nearly as good as breaking the primary key – i.e. it will allow the attacker to create valid signatures, in the case of a signature-only subkey, or else to read intercepted ciphertext, or both.

And thus we find that, due to the staggeringly-braindamaged design of the protocol and of this implementation, GPG users who elected to use longer-than-default GPG keys (Phuctor presently contains 1,090,450 RSA moduli which exceed 2048 bits in length1) ended up with smaller-than-default effective cryptographic strength.

Likewise noteworthy is the fact that this bug was contained in an RNG 'whitening' routine. The popular but wholly-pseudoscientific practice of RNG 'whitening' creates the appearance of an effective source of entropy at times when – potentially – none exists2, at the cost of introducing a mathematical relationship (sometimes, as in the case at hand, a very exploitable one) between RNG output bits, which by their nature are intended to be wholly uncorrelated.


  1. Not all of these moduli were generated using GPG. 

  2. A whitened (walked over with, e.g., RIPEMD – as in GPG, or SHA2, or AES) stream of zeroes, will typically pass mathematical tests of entropy (e.g., the Diehard suite) with flying colors. While at the same time containing no meaningful entropy in the cryptographic sense. 

Phuctor Finds Seven Keys Produced With Null RNG, And Other Curiosities

Phuctor is a public service, operated by S.NSA. It catalogues extant RSA public keys which are known to be inexpensively breakable.1

Recently, Phuctor's algorithmic arsenal was expanded to include a search for perfect squares, which was then further generalized to Fermat's factorization method. A perfect square RSA modulus results from an ill-conceived, subverted, or otherwise catastrophically-broken key generator where a cryptographic prime P is created and immediately re-used verbatim, as prime Q. An RSA modulus factorable via Fermat's method contains two factors which are dangerously (i.e., cheaply-discoverably) close together. This typically results from a lulzimplementation of RSA where prime Q is generated by finding NextPrime(P), rather than independently.

The perfect square finder immediately yielded up a modulus which consisted merely of the square of the next prime following 2^1023. This type of RSA public modulus is consistent with a scenario where a PGP client is operated on a system containing a null-outputting RNG. This trivially-breakable modulus was found to occur in no fewer than seven RSA public keys, claiming the following user IDs:

  1. Mahmood Khadeer <mhkhadee AT hotmail.com>
  2. none <algemeenoptie2 AT gmail.com>
  3. Godless Prayer <godless.prayer AT gmx.de>
  4. john <john.k.pescador AT hawaii.gov>
  5. Bjoern Schroedel <bjoern AT schroedel.cc>
  6. Bjoern Schroedel <bjoern.schroedel AT gmx.de>
  7. Nick Ruston <alliancemicro AT dodemall.redcheetah.com>

Mr. Pescador appears to be, or to have once been, an employee of the State of Hawaii, a curator of data.hawaii.gov (archived), and — apparently — of an empty GitHub repository. (archived). Mr. Khadeer is the President of the Muslim Association of Puget Sound (MAPS) in Redmond (archived), famous primarily for 'heartfelt condemnations' (archived) of this and that, published like clockwork for the past decade. Not much is publicly known about the other victims and/or perpetrators of brain-damaged cryptography in the above list.

The subsequent search for Fermat-factorable RSA moduli yielded exactly one additional result. This very peculiar PGP public key is suggestive of an aborted attempt at the development of a cross-site scripting (XSS) attack against PGP users who might decode the key and display its User ID field in certain WWW browsers.

Peace in our ctime();


  1. For the comedic gold let it be pointed out that prior to Phuctor's existence this kind of key simply did not exist, as per official truth. Nowadays they "obviously" do exist, but after the failure of embrace-extend-hijack attempts spearheaded by Hanno Böck, the deceitful shitbag they're simply "not interesting" as per the same official narrative ; and moreover, systematic causes for their existence still do not exist, at any rate not past "Cosmic Rays did it". Certainly the involvement of the usual array of inept USG agencies can not possibly be suspected. Isn't official nonsense ever so fascinating ? 

Your Disk Controller and You

A recent publication by Kaspersky Lab (mirror) describes the first publicly-confirmed instance of a Microsoft Windows 'trojan' capable of infecting hard disk drive firmware. For every word that's been written on the subject so far, ten thousand words of disinformation, FUD, and general-purpose obscurantist rubbish are floating about – eagerly passed around by spambots disguised as 'independent bloggers' and fleshy meat-puppets alike. Expect no shortage of 'product' from the well-funded – but, interestingly, not especially competent – FUD agency charged with spreading confusion and misplaced skepticism after this and every other Snowden-related tidbit. Continue reading