dslreports logo
site
spacer

spacer
 
   
spc
story category
Snowden Docs: NSA Has Most Common Encryption Bested
by Karl Bode 09:06AM Friday Sep 06 2013
The latest Edward Snowden bombshell comes courtesy of the New York Times, who in a report this week notes that the NSA has managed to defeat most of the most common encryption schemes available using a wide variety of tactics. According to the documents received by the Times, the NSA has spent decades using supercomputers, "technical trickery," backdoors, court orders and behind-the-scenes persuasion to undermine major encryption tools.

To be clear good encryption remains often difficult or impossible to compromise using brute force. The NSA obviously doesn't need to kick down the door when they can walk in an open window however, and are utilizing software bugs and vulnerabilities, poorly designed crypto products, insecure networks, leaked keys, etc. From the Times:
quote:
The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
The Times notes that the NSA requested both the Times and other outlets running with this story not to publish, arguing that it would result in people developing new encryption standards:
quote:
Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.
ProPublica, which also ran a story, has published a statement explaining why they feel publishing this story was necessary. The Guardian's story on this latest revelation also claim the government urged them not to publish their findings on encryption. Also noting in the Guardian report is a bit that notes the NSA recruits from telcos and telecom companies to aid them in inserting vulnerabilities worldwide:
quote:
To help secure an insider advantage, GCHQ also established a Humint Operations Team (HOT). Humint, short for "human intelligence" refers to information gleaned directly from sources or undercover agents. This GCHQ team was, according to an internal document, "responsible for identifying, recruiting and running covert agents in the global telecommunications industry." "This enables GCHQ to tackle some of its most challenging targets," the report said. The efforts made by the NSA and GCHQ against encryption technologies may have negative consequences for all internet users, experts warn."
The revelations piggyback on a report by the Washington Post late last month highlighting the agency's previously-unknown (though assumed by many) ability to defeat most major encryption standards. As added reading, readers might want to check out Bruce Schneier's top five tips on securing yourself in this brave new NSA surveillance age.


63 comments .. click to read

Recommended comments




Metatron2008
Premium
join:2008-09-02
united state

3 recommendations

All of those who say 'I have nothing to hide blah blah blah'

Please stop posting from an anon account and post your name, addres, dob, etc, or STFO.



Metatron2008
Premium
join:2008-09-02
united state

2 recommendations

reply to AnonMan

Re: Most encryption has been defeated for a while by NSA

Yes, because giving men complete power over your lives has never backfired.



Metatron2008
Premium
join:2008-09-02
united state

2 recommendations

reply to jeff17

Re: nice story.

People in the 30's also didn't have anything to worry about from the Nazi SS if they did nothing wrong, right?

It's not like anyone who has absolute power has ever abused it before, right...??



morbo
Complete Your Transaction

join:2002-01-22
00000
Reviews:
·Charter

3 recommendations

reply to AnonMan

Re: Most encryption has been defeated for a while by NSA

said by Anon80:

Point is, if you're not doing anything illegal don't worry.

That is not the point at all.


ironweasel
Weezy
Premium
join:2000-09-13
Belen, NM
kudos:1

6 recommendations

reply to jeff17

Re: nice story.

No, these are not the consequences when we communicate digitally.

These are the consequences when an alphabet agency decides it needs to spy on anything and everything in the name of "national security". One can argue the whole point of "if you're not doing anything wrong then you have nothing to hide", but that's just a lame excuse to justify their actions. It doesn't matter if I'm sending an email to my Aunt Gertie or chatting online with a support rep from my cable company - I should be able to do it without having someone basically standing over my shoulder the entire time.

Encryption exists for a reason and I'm sure there are nefarious reasons but there are also plenty of legitimate reasons as well. It's like making sure you have steel doors and bullet proof glass on your house along with the most sophisticated alarm system out there and then giving the keys and access code to your nosy neighbor knowing full well that they like to come snoop around in your house looking for that meth lab you might have. You're not actually the next Walter White, but it's cool if that neighbor comes in and checks your house out all the time, right?
--
I'll be stretching out the rhyme like gravity stretches time.



Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN

5 recommendations

reply to jeff17

You obviously misunderstand. Anything that the NSA can use, so can hackers. If there is a backdoor built into anything that allows the NSA to access it, rest assured that someone else can be using it also. That is one of the primary problems with creating a method for the "good guys", nothing stops the "bad guys" from using it also.
--
"Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." - Robert A. Heinlein


jeff17

join:2000-12-11
US

3 recommendations

I don't care. Hack away, read all my email, texts, bills, whatever. Enjoy it. These are the consequences when we communicate digitally/online. Deal with it.