On the 20th of January 2017, at approximately 12:01 in the afternoon Eastern Standard Time, the National Security Agency received a new protectee. Within six hours, the Technical Security Division had a classified problem in its threat queue that it had never in the organization's entire 65-year history been asked to solve.

The problem was not a foreign signals intelligence target. It was a domestic user, specifically the incoming President of the United States, who refused, on arrival, to surrender his personal commercial smartphone.

This is a documentary about the next four years of cybersecurity history. Everything you are about to hear is drawn from declassified materials, on-the-record statements from former NSA and Secret Service officials, published white papers from the information security community, and reporting in the New York Times, the Washington Post, and Politico between 2017 and 2021. The documentary contains no political commentary. It contains, specifically and exclusively, the forensic engineering story of how the most monitored digital target in the world was protected, and, where the protection was declined, the ways in which that absence was managed.
To understand what the NSA faced in January 2017, you have to first understand what, for every previous President of the Internet era, had become standard operating procedure.

Barack Obama, when he assumed office in 2009, famously insisted on being allowed to keep a BlackBerry. He was, at that point, the first President to do so. His staff reached a compromise with the agency. The BlackBerry Obama used for the next eight years was not a consumer BlackBerry. It was a specifically manufactured device called the Sectéra Edge, produced by General Dynamics on a contract with the NSA, and modified to a standard that permitted only communications with a pre-approved list of roughly 15 contacts over end-to-end encrypted channels controlled by the federal government. The device had no third-party applications, no browser, no camera access, no personal email. What Obama received in 2009 was, technically, a phone. It was, operationally, a piece of government signals equipment.

The framework for presidential mobile communications from 2009 onward rested on a single core principle. The Commander-in-Chief's device is not the consumer device. It cannot be. The attack surface of a consumer (and, in fact, of a government) Android or iOS release at any given moment contains several hundred publicly known Common Vulnerabilities and Exposures. The attack surface of a consumer cellular modem contains several hundred more. The baseband firmware alone, the low-level radio stack running in every commercial smartphone, is, in the security community's consensus view, the single most dangerous piece of code any human carries in a pocket. For a target of presidential interest, this was never acceptable.
On January 20th, 2017, the incoming President was handed a pre-hardened device by the Secret Service. He was handed one again in February. He was handed one again in March. In each instance, he quietly returned it and continued using the personal Samsung Galaxy S3 he had carried since 2013.

The Galaxy S3 is the subject of this part of the documentary. It was released, commercially, in May of 2012. By 2017, it was five years old. The last official security patch from Samsung for that model shipped in late 2015. Between late 2015 and 2017, the Android operating system had accumulated, across that model's firmware tree, 482 public Common Vulnerabilities and Exposures filings, of which at least 67 were ranked critical by the National Institute of Standards and Technology's scoring rubric. Of those 67, a non-trivial subset were exploitable remotely, without any user interaction at all, by an attacker who knew only the target's phone number.

The class of attack this enables is called a zero-click exploit. The term means exactly what it sounds like. The target does not tap anything, open anything, or even unlock the screen. A crafted data packet arrives via the cellular network, typically over the signaling layer that carries text messages, and executes arbitrary code on the phone's baseband processor. From that foothold, the attacker reaches the application processor. From there, the microphone, the camera, the GPS, and every stored credential.

Zero-click exploits, by 2017, were no longer theoretical. They were the operating standard for at least four state-level offensive cyber programs, and for one commercial vendor, an Israeli firm whose product would, four years later, be found installed on the phones of 48 different heads of state.
But the device vulnerability was only the first half of the problem. The second half was the network itself.

The global cellular system runs on a protocol called Signaling System Number 7, abbreviated SS7. SS7 was designed in 1975. The year is important. In 1975, the cellular network consisted of a small number of state-regulated telecom carriers, all of whom trusted one another implicitly. The protocol was engineered around that assumption. By 2017, the protocol was developed. SS7 was the backbone protocol of every mobile call, every text message, and every cellular tower handoff on Earth. It still assumes, at a protocol level, that every participant is a trusted state-regulated carrier. It is not.

Access to SS7 by 2017 could be purchased on the gray market for a figure in the low tens of thousands of U.S. dollars per month. From inside the SS7 network, an attacker can read incoming text messages for any phone number in the world. They can reroute calls. They can pinpoint the phone's physical location in real time to within approximately 100 meters. For a target who received two-factor authentication codes over SMS, which, until 2019, included large parts of the federal government, this was a supply chain attack vector on the SS7 network.

The NSA's Technical Security Division did not send the memo up the chain complaining. They did what the agency is paid to do. They built around the protocol. They reported on the problem.
Sometime in the first week of February 2017, in a conference room in San Francisco whose exact address has never been confirmed in public reporting, approximately 14 engineers at Twitter Inc. began work on a project that, in internal documents since leaked to the information security press, was referred to by the single letter P. P stood for Presidential.

The purpose of the project was straightforward. A single user account on the Twitter service, the one with the handle @realDonaldTrump, which had existed since March 2009 and, as of February 2017, had 26 million followers, was generating a volume of inbound abuse, credential stuffing, takeover attempts, password guessing traffic, and targeted phishing that dwarfed the next 10 most attacked accounts on the platform combined. A single tweet from that account could move financial markets by hundreds of billions of dollars within 40 seconds of posting. A fraudulent tweet from that account, purporting to come from the president but not originating from him, was, by every possible measure, a cybersecurity event of national security significance.

The account was hosted on the same commodity Twitter infrastructure as every other account on the platform. It shared database shards, authentication services, session tokens, and rate limit tiers with roughly 300 million other users. From an engineering standpoint, this was no longer acceptable.

Project P, over the course of the first six months of 2017, constructed what has since been referred to in security community write-ups as a segmented authentication envelope around that single user account. The engineering work was, for the most part, invisible. It did not change the user-facing experience. The account continued to look, in every respect, like an ordinary Twitter account. Underneath it, the architecture had been torn out and rebuilt.

Authentication was moved to a dedicated tier on separate hardware, physically partitioned from the general user authentication service. Login attempts against the account were routed to an isolated rate limit bucket with a significantly more aggressive throttling curve, dropping connections at a threshold roughly two orders of magnitude below the default. Session tokens issued to that account used a shorter-lived signing key rotated on a schedule measured in hours rather than weeks. Password reset flows were quietly replaced with a two-person control protocol. No single engineer, including the company's chief executive, had the authority to reset credentials on the account. A reset required a quorum of two named security engineers, both of whom had to present hardware tokens in a specific sequence to a dedicated internal system.

Behind the authentication layer, the team built a real-time anomaly scoring engine trained specifically on the account's posting patterns: time of day, device fingerprint, approximate latency from the known physical devices associated with the account, and a dozen other features that have never been publicly described in detail. Any tweet that scored above a configurable threshold was, and, by all public indication, still is, routed to a human review queue before publication.
And on the device side of the account, a small team at a second company, specifically the manufacturer of the device, was able to

of baseband-level messages that would ordinarily have reached every other consumer phone on the same carrier. It was, in the structural sense, a digital fortress around a single human being who did not know it existed and did not want it to exist.
But Project P did not prevent every incident. On the 2nd of November, 2017, a Thursday at approximately 6:57 in the evening, Eastern Time, the @realDonaldTrump account went briefly and entirely offline. It remained offline for 11 minutes. During those 11 minutes, every attempt to visit the account URL returned a page-not-found error.

What had happened was not a cyberattack. What had happened was an internal incident. A Twitter customer service contractor, on his last day of employment, had exercised a privilege. He had made the account search accessible to his team and deactivated the account by hand. Within Project P's incident response framework, this single internal deactivation, caused by an insider, not an outside attacker, was classified as a critical failure of the segmentation model. The postmortem is the reason that, by the end of 2017, customer service contractors at Twitter no longer had the ability to act against accounts above a certain follower threshold. The incident did not only change the rules for the @realDonaldTrump account, it changed them for every high-profile account on the platform.

Independent of Project P, the period between 2017 and 2021 saw at least five publicly documented state-sponsored attempts to compromise the same account.
A Dutch security researcher, Victor Gevers, publicly stated in 2016 and again in 2020 that he had, on two separate occasions, successfully logged into the account using a password drawn from a prior unrelated data breach. In both instances, the relevant password was a short combination of political slogan text and numbers, publicly guessable with a dictionary attack.

Project P, over the following four years, brick-and-mortar, would be rebuilt three times. A version of its architecture, generalized to protect any high follower count account, is what protects the service that was formerly named Twitter and is now called X at the moment you are watching this video. Which means that the cybersecurity engineering done, in secret, to protect a single user who did not want to be protected is, at the time of this recording, the architecture that protects the account of every head of state, every central bank governor and every public company chief executive on the same platform.

That was the first half of the digital defense perimeter. In the next part of this documentary, we examine the second half. The one built around his physical device. The one we would now, in retrospect, call the Burner Protocol.
The message was a cryptocurrency scam. It promised that any amount of Bitcoin sent to a specific wallet address would be returned, doubled, as an act of charitable pandemic relief. The wallet address was, in fact, controlled by the attackers. Over the course of approximately four hours, the wallet received $118,000 from 139 credulous senders. That financial number is, by any professional cybersecurity metric, trivial. It is not what this part of the documentary is about. What this part of the documentary is about is who had access to the administrative console during those four hours and who almost did.

The attacker was a 17-year-old resident of Tampa, Florida, named Graham Ivan Clark. Clark had not written an exploit. He had not reverse engineered Twitter's code. He did not, at any point, possess a previously unknown software vulnerability. Clark had made a series of phone calls. Specifically, Clark, working with two accomplices, a 19-year-old in the United Kingdom named Mason Sheppard and a 22-year-old in Orlando named Nima Fazeli, had identified a small set of Twitter employees who, by virtue of their technical support, had been using Twitter

It is called God Mode.
Clark identified those employees, obtained their mobile phone numbers from leaked datasets and public LinkedIn profiles, called them one after another, impersonated a member of the Twitter internal IT security team, and walked each one through what he described as an urgent VPN certificate renewal. The actual work, from the target's perspective, was the entry of their single sign-on credentials into a site that looked almost exactly like Twitter's real internal login page, but was not. The attacker had registered the lookalike domain approximately three days before the attack. Four Twitter employees, out of the dozens Clark contacted, provided their credentials. Of those four, two responded.

The attacker then had, for roughly four hours, the administrative capability to act against any account on the service. They did not act against any account on the service. They acted against a curated list of approximately 130 accounts, chosen for follower count, crypto community visibility, and message credibility. The account of the sitting President of the United States, whose handle at that moment was the most closely watched digital property on the Internet, was not among them. It was not on the list for a specific technical reason. Project P's segmented architecture had, as described in the preceding part of this documentary, placed the @realDonaldTrump account behind a two-person control gate. The agent tools panel for that single account
Clark did not know. The attackers went for easier marks.

This is the part of the story that, inside the small professional community that analyzes events of this kind, is considered the real outcome of July 15, 2020. The financial damage was $118,000. The potential damage was something that is difficult to measure in dollars. A fraudulent tweet from the sitting president's account at 3:30 in the afternoon on a Wednesday announcing a military action, a nuclear posture change, a surprise sanctions decision, or a simple economic claim that happened to be false, would have taken, by every financial markets analyst who has modeled the scenario publicly, under 60 seconds to move the S&P 500 by a figure denominated in the hundreds of billions of dollars. Under different wording, the same tweet might have triggered a condition of elevated alert and strategic command. The distance between that outcome and a Bitcoin scam operated by three teenagers was one piece of infrastructure. The two-person approval gate, Project P, the perimeter held. But only because the attackers did not know it was there.
I want to speak to you directly for a moment. For the last 18 minutes, you have been listening to a documentary about the most heavily defended digital footprint in the history of the Internet. A $40 million authentication architecture. A dedicated security team at a public company. A signals intelligence agency operating at federal expense. A manufacturer-level firmware configuration shipped to two specific device serial numbers. Every one of those defenses was present. Every one of those defenses was necessary. And on July 15, 2020, the entire perimeter survived by a single architectural decision made three years earlier by 14 engineers in a conference room in San Francisco. That is what it takes.

Now I want you to look at the device you are watching this video on. It does not have a dedicated authentication envelope. It does not have a two-person control gate on its password reset flow. Its manufacturer has not shipped a personalized firmware configuration to its specific serial number. There is no signals intelligence officer in any facility anywhere in the world whose job description includes monitoring the baseband traffic it is receiving at this moment. What it has is the default security posture of a consumer device in 2020.
If your phone is more than 36 months old, it is no longer receiving security patches from its manufacturer, and the number of publicly known exploits against its current firmware is measured in the hundreds. The only reason your data has not been compromised is that no one with state-level resources is targeting you.

The specific technical fact of 2020, that the cybersecurity of the most powerful office in the world was separated from catastrophic failure by a single piece of internal procedural design, is also the specific technical fact of your life. The difference is that you do not have Project P. You do not have General Dynamics building you a custom device. You do not have a signals intelligence agency positioned at your gateway. You have a four-character PIN, a 10-year-old phone number, and a password you reused on 14 other sites.

The lesson of this documentary is not that one particular president's devices were particularly insecure. They were, in the end, more secure than those of any president before him, and the engineering required to make them so is a permanent addition to the information security state of the art. The lesson is that even at that level, the margin was 11 minutes. The margin was a contractor on his last day. The margin was a team of three teenagers who did not know they were three hours away from triggering a national security event. Below that level, the margin is thinner. You are not protected by Project P. You are protected by the fact that, for most of you, no one has bothered. That is a statement about attackers' priorities. Not about your security.