NSA Foils Much Internet Encryption

An anonymous reader writes "The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'" You may prefer Pro Publica's non-paywalled version, instead, or The Guardian's.

The lede leaves out two important points

[Anonymous Coward]

1. The NSA actively worked to gain control of standards processes and subvert them.

2. The NSA covertly employs people in telcos without the knowledge of the telcos.

The sound you hear is the sound of the last 20 years of work in academic and industry, on standards
and code, on processes and procedures, quietly disintegrating.

The View From Jerry's Desk.

[bmo]

When writing finite bits to the disk sector, there is a finite probability that the resultant string of randomised bits MAY in fact generate something incriminating.

For example: (regardless of how unlikely this may seem), any string of random characters may well create a brand new wordfile on the computer by pure chance .. which contains legible words, which string together to form sentences which may in turn connect the previous owner of the hard disk with Al-Qaida, the Mafia, insider trading, un-patriotic activites, Linux 'development', or any manner of unsavory activities.

The larger the hard disk being randomly 'wiped' in this fashion, the greater the probability that some new and undesirable content would be created by chance.

I for one would NOT place my trust in such a tool, risking a lifetime of torment in Guantanimo Bay in exchange for the 'security' of having my hard disk cleaned prior to resale.

The solution ? One should purchase a new copy of the Windows 8 for the said hard disk, and install this on the disk. This would effectively wipe clean the disk of any previous content. The disk could then be disposed of cleanly, with a note that the new owner must purchase another legal copy of the Windows 8 before installing the disk.

In this situation - everyone wins.

--
BMO

Re:Uh... okay

[Hatta]

Cracking doesn't mean brute force. If you compromise the key, the encryption is just as surely cracked. Chances are what they really mean here is that they've compromised the certificate authorities that are trusted by default by most web browsers. Turns out self signed certificates really are more secure.

GPG and SSH are probably safe as you generate your own keys on the local machine.

perspective

[geekoid]

the NSA has done over a 100,000,000 million legal searches.
From all the leaked records, 22,000 are questionable. Those 22,000 lie everywhere between needing a judicial interpretation, to blatant breech.
The leaks also show NSA's number one whistle blower to the courts is the NSA. They report them and correct them.

Not to excuse there blatantly illegal searches, but to thing the whole system is some corrupt entity that s out to get everyone is simply wrong.
No evidences supports that at all.we have a lot of hope becasue none of the evidences shows it to be nearly as bad as the media claims. And certainly nowhere near where the chicken littles on /. claim.

Re:SSH?

[jasno]

Yeah, I figured they can always classify the private keys as business records and request them via subpeona. Nothing in the law prevents it.

Lenovo?

[steelfood]

From ProPublica:

In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.

Who else remembers the debacle about the government no longer purchasing Lenovo computers? I remember some people saying that if the U.S. government is making all this fuss about it, they're probably the ones doing it.

This seems to indicate those people are correct.

Re:Uh... okay

[Hatta]

No need to compromise anything. They just need a single CA to be complicit with a court order to produce a certificate that signs an NSA-provided key for a specific site.

That's what's meant by "compromise".

Self-signed keys are not more secure. If a site goes from a self-signed cert to a signed cert with a different key, most browsers do not display any warning.

If you remove the CAs from your list of trusted certificates, it would display a warning.

Although you can install anti-MITM tools that produce a warning when the key changes, those tools would detect such a government MITM whether you're using a CA-signed cert or a self-signed cert

Unless the NSA is forcing the CAs to compromise every single certificate they offer. They may not be, but it would be foolish to assume that they aren't.

Re:Uh... okay

[cryptizard]

Note that no-one has been able to prove there are no efficient solutions to integer factorisation or discrete logs - maybe the reason those proofs is so elusive is because it doesn't exist.

That's because it's impossible to prove such a statement without also proving that P != NP. There is very little hope in constructively showing the difficulty of these problems, we just say "smart people have been working on integer factorization for thousands of years and they haven't figured out a way to do it, so we can trust it for now." It's not foolproof, but it's the best we can do.

Re:I call bullshit

[Rich0]

The NSA can crack 4096-bit PGP keys? I doubt it. Seems like FUD to dissuade people from even attempting to use encryption

There is no mathematical proof that 4096-bit PGP keys are secure. You can only say that known algorithms cannot find a key in a practical amount of time on known computational hardware.

You don't know if an algorithm exists that would allow the keys to be factored in a short period of time. You also don't know if somebody has developed a practical quantum computer - it is already known that one would allow certain encryption systems to be trivially broken.

For every mathematician publishing articles about cryptography in the public space, there are probably 100 much-better-paid ones publishing articles in internal NSA publications. The NSA is by far the largest employer of mathematicians on earth - and they hire the best and the brightest they can find.

Re:SSH?

[sneakyimp]

I'm more inclined to trust Bruce Schneier who says "I trust the mathematics [wired.com]," than the authors of this sensationalist NYTimes article. To me, it seems like they completely lack any nuanced understanding of the information flow and its vulnerabilities and are merely depending on whatever third-hand analysis they might have gleaned from reading other amateur blogs.

I agree that going to the service providers (e.g., google, yahoo, apple, phone companies, etc.) or building a backdoor into the software is a good way to go about it, but I hardly think that means that the NSA is "winning the war on encryption."

Re:SSH?

[sneakyimp]

Mod parent up. Nobody talking about this even seems to have the vaguest understanding of encryption.

Expectation of privacy?

[whoever57]

The agencyâ(TM)s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americansâ(TM) e-mails or phone calls without a warrant.

I can see (although I don't necessarily agree with) the argument that we have no expectation of privacy on metadata, but surely there is an expectation of pricacy on encrypted data. Surely the fact that the user has encrypted his data (or knows that it will be) provides an expecation of privacy that would invoke a 4th amendment protection.

Re:SSH?

[Anonymous Coward]

My old boss was employee 7 at Verisign and he says he was there the day they came for the keys. No he was not in the room. Dudes in suits show up in black SUV's and all the key holders were taken in back with the boss. I think they have had this for a very long time. Good thing that stuff you guys call money only represents debt and has no real value.

Re:Let us endeavour to create better encription

[Austerity Empowers]

We can all participate in this research!

http://translationparty.com/ [translationparty.com]

Re:SSH?

[mi]

My old boss was employee 7 at Verisign and he says he was there the day they came for the keys.

The silver lining in this sad story is that the algorithm used by SSL itself is still unbreakable to the NSA. They wouldn't have needed the keys otherwise. So asymmetric crypto is still sound — if used properly — and privacy-minded people can still use it to communicate...

Re: SSH?

[0111 1110]

I think at this point it is safe to assume that all US or US ally based commercial software of any kind that is of some value to the NSA/GCHQ has been compromised. I would imagine that this will present a huge advantage to open source software in relevant fields. IMO any software company that allowed such backdoors deserves to go out of business. It also means that commercial anti-virus, firewall, and other security software has to be assumed to be backdoored for the NSA/GCHQ. This also gives Linux a huge advantage because it is not so dependent on high quality security software.

HTTPS forward secrecy to the rescue

[wytcld]

Your can configure your HTTPS server to use forward secrecy [ivanristic.com]. Forward secrecy uses one-time keys, generated by between the website and the browser for the single session. Most modern browsers support it. But it generally requires compiling the latest version of OpenSSL and the compiling Apache 2.4.x against that, not using the Apache 2.2.x versions that are standard in most of the Linux distros. More detail also here [ivanristic.com].

If you set up your webserver this way, and your visitors use the right browsers, they NSA's having good copies of the site's certificates won't gain them much. At least that's what Ivan Risti's saying. On TLS/SSL stuff, there may be no one better.

The NSA must serve us, not attack us.

[dweller_below]

As a security professional, one of my greatest threats is the Exploit Marketplace. You can fight mistakes. You can fight attackers. But it is almost impossible to fight economics. The exploit market is creating an economy that creates and enables exploit. It is the greatest driving force optimizing the Internet for Attack, instead of Defense. Now, it looks like the Exploit Marketplace was justified, founded and sustained by the NSA. We have learned that the NSA has enormous budgets devoted to purchasing exploits. Today we learn:

"The NSA spends $250m a year on a program which, among other goals, works with technology companies to 'covertly influence' their product designs."

So, the NSA creates exploit in everything they can influence. And they can influence almost everything. The NSA purchases exploit. Many times, they must be purchasing info on the exploits that they created. They preserve exploit. They mask everything in secrecy. And it all enhances the exploit marketplace.

If we could just get the NSA out of the exploit market, the whole thing would probably collapse like a real-estate broker's wet dream.

The other chilling revelation is the names of these programs:

"The NSA's codeword for its decryption program, Bullrun, is taken from a major battle of the American civil war. Its British counterpart, Edgehill, is named after the first major engagement of the English civil war, more than 200 years earlier."

The NSA has crappy internal discipline. Instead of using meaningless codewords for project names, their codewords frequently describe the project. PRISM described how the NSA collects info. These project names shout that the NSA is fomenting civil war. They are at war with the rest of the country.

• * The NSA must be stripped of it's ability to create exploit.
• * The NSA must be stripped of it's ability to purchase exploit.

If we survive as a nation of liberty, the NSA must serve us, not attack us.

expanding on this post.

[Wycliffe]

Expanding on the above post, if the US is installing and/or exploiting bug related backdoors in
commercial software it would take relatively few to reach 99+% coverage.
If you can get the OS's you're set as you can hit 99% with less than a half dozen.
Likewise with cellular providers, handset makers, virus scanners, printer (driver) manufacturers,
cpu manufacturers, router manufacturers, email clients, web browsers, office suites, etc....
Take any category of software or hardware most of which are dominated by only a few major players
and if you can get your foot in the door with any of them then you have control of the computer or
device. I'm not sure that linux even has that much advantage as there are few if any people who
compile everything from scratch and even if they do, how hard would it really be to get an
undocumented bug inserted into one of several hundred programs that run on a typical computer.
If they're willing to throw enough time, money, and power behind it, there is no way someone can
avoid being eavesdropped on.

Re:Works for me

[Anonymous Coward]

So it's okay if you're spied on by Australians, and Australians are spied on by the USA, and any intelligence is shared?