Bruce Schneier knows Victoria’s Secret

Or, more oddities in the Cyberwar stakes. I can’t help thinking that the cyberwar stuff, much like conventional terrorism, is vastly overblown as a threat to national security, or indeed anything. A case in point is the normally very sensible Bruce Schneier with a short recommendation of a New Yorker piece about the crashing of an EP-3E Aries II in 2001 in China.

So, to recap: the plane is monitoring Chinese comms, crashes, and so is physically in the hands of the Evil Hordes of Fu Manchu who naturally take it to pieces. Apparently this included an operating system created and controlled by the N.S.A., and the drivers needed to monitor encrypted Chinese radar, voice, and electronic communications.

Certainly, from the reports, it appears that whoever spent zillions of dollars on this expensive system failed to think of the possibility of it falling into enemy hands, and the cunning plan to destroy sensitive instruments in the event of capture was to pour coffee on them. This is imbecility of such a high order that only military intelligence could have done it.

But more than that, the NY gushes that the Chinks were

reverse-engineering the plane’s N.S.A.-supplied operating system… Mastering it would give China a road map for decrypting the Navy’s classified intelligence and operational data.

But… why? Surely even people as dumb as military intelligence wouldn’t be putting whatever Sekrit encryption system they use for their own data into a plane they are flying over mainland China? What would be the point? The plane, after all, is gathering a pile of Evil Empire data. That data doesn’t need any specially strong encryption. And even if it did: why would disclosure of the encryption method matter? Just because I lose my PGP password doesn’t make anyone else’s PGP-ed data any less secure. And anyway, the intelligence gathering only needs *en*cryption not *de*cryption.

The NY piece goes on to directly state that whatever came out of this plane allowed the Chinese to decrypt US secrets a few years later, and that makes absolutely no sense whatsoever.

The only sensible thing in the entire piece appears to be a comment by Brian W. Point 3 of that comment makes some kind of sense – just possibly, the crypto keys are buried in some hardware (not that the NY article mentions this possibility). But but but – still, why? Perhaps, not to save the intercept data but to communicate back to base? But even then, were that so, you’d know that was the bit you had to destroy.

None of this makes any sense – apologies if I’ve been a bit incoherent here but the NY piece seems so obviously nonsensical that it is hard to know where to start.