Encryption Government Privacy United States

NSA Building US's Biggest Spy Center

New submitter AstroPhilosopher writes "The National Security Agency is building a complex to monitor and store 'all' communications in a million-square-foot facility. One of its secret roles? Code-breaking your private, personal information. Everybody's a target. Quoting Wired: 'Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You’ve got to build this thing because we just don’t have the capability of doing the code-breaking." It was a candid admission.'"
  • by Grog6 ( 85859 ) on Friday March 16, 2012 @12:07PM (#39379643)

    Panopticon this week; Maybe we'll get Skynet by accident?

    That might be best for everyone in the long run...

  • USA...we miss you! (Score:5, Insightful)

    by Anonymous Coward on Friday March 16, 2012 @12:07PM (#39379647)

    In american America, people monitor the government.
    In soviet America, the government monitors the people.

    • In american America, people monitor the government.
      In soviet America, the government monitors the people.

      Just an observation and being an election year, is that when this type of stuff went on before it was always Bush's "plan", yet not one word against Obama to do anything about it. Not surprising, but interesting.

      • by TehZorroness ( 1104427 ) on Friday March 16, 2012 @03:23PM (#39382335)

        Well, here's a word from me at least. Obama can eat a dick. I'm getting so fed up with this gradual transition to full autonomous surveillance. There will be people out in the streets about this when things start getting bad. Soon enough, the schism between reality and the fairy tales they told us about freedom in public school will be too wide even for the American Idol crowd to believe. An interesting time to live. It's just too bad we can't be investing these man-years and resources on attaining sustainability before the Earth becomes a giant radioactive ball of toxic shit inhabited by cannibalistic asshats.

      • by homer_ca ( 144738 ) on Friday March 16, 2012 @04:01PM (#39382895)

        That's ok. As long we get to keep our birth control and our gay rights, democracy is safe, right?

  • First, I already assumed they were doing this. second, i don't know so just a thought. could you create an encryption method that generates a new encryption key for every new message.
    • could you create an encryption method that generates a new encryption key for every new message.

      Yes, modern cryptosystems do that. It's called an Initialisation Vector [wikipedia.org].

    • Re:a thought (Score:5, Interesting)

      by adturner ( 6453 ) on Friday March 16, 2012 @12:15PM (#39379785) Homepage

      That's basically what happens today with most protocols like SSL/TLS. For each new connection, the client and server negotiate a new key via public key crypto like RSA. Actually, based on some comments in the article, like needing more "transactions" to help break the encryption, makes me believe the NSA is actually working to break RSA then AES.

      • by CBravo ( 35450 )
        You don't build such a large datacenter without a good hint that it will work (out). It means they are on to something. The first question is what exactly are they after: Private keys from SSL certificates, private key of root certificate from certificate authorities, personal private keys, ... Then the question remains: How do you keep your secret key a secret?
    • second, i don't know so just a thought. could you create an encryption method that generates a new encryption key for every new message.

      Sure, but you have to be more specific. A one time pad might meet your definition, as might standard hybrid public/private encryption (which is widely used).

    • by mlts ( 1038732 ) *

      PGP does this, as every message/file sent has its own symmetric encryption key, with only the key material encrypted with RSA/DSS.

      However, if the public/private key gets broken, all bets are off.

  • ...seems appropriate as a term for how the US government takes its stance towards the rest of the world. Even although broke. How long, yet ?
    • ...seems appropriate as a term for how the US government takes its stance towards the rest of the world. Even although broke. How long, yet ?

      We're not broke, just bleeding.

      All the hand-wringing is because certain politicians are upset that we're not spending all of it on the haves.

      • Re: (Score:2, Informative)

        by RenderSeven ( 938535 )

        All the hand-wringing is because certain politicians are upset that we're not stealing all of it from the haves.

        FTFY

  • How many bits should we use for encryption now?

    • Re:How many bits? (Score:5, Insightful)

      by KhabaLox ( 1906148 ) on Friday March 16, 2012 @12:14PM (#39379763)

      How many bits should we use for encryption now?

      More.

      • Re:How many bits? (Score:5, Insightful)

        by TheGratefulNet ( 143330 ) on Friday March 16, 2012 @12:25PM (#39379911)

        and even better: send false positives to waste their time.

        perhaps the crypto protocols need enhancing to allow fake bullshit messages that can't easily be told from real crypto stuff.

        ie, DOS them.

        I know, they have lots of power but it IS a war. war on our privacy and its so blatant now, they don't even try to hide their break-in attempts to us, anymore.

        the ONLY reason encryption was allowed in the first place was for banking and online 'business'. if there was not this use-case, we would be disallowed encryption entirely.

    • Re:How many bits? (Score:5, Informative)

      by Black Parrot ( 19622 ) on Friday March 16, 2012 @12:15PM (#39379783)

      How many bits should we use for encryption now?

      If you assume peak computing power is doubling every n years, then you need one more bit every n years to keep ahead.

      And of course, whatever you use now will be breakable in the future, if anyone cares to save your messages until computing catches up.

      • At most you need one (symmetric) key bit for every bit in every message you plan to send using that key. That effectively turns it into a one-time pad, which cannot be broken through brute force—there is a valid key for every possible cleartext of that length. (Be sure to pad the message!)
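Added example (not part of any poster's comment): a minimal one-time pad in Python showing the two points made in the comment above, that every same-length cleartext has a valid key and that messages should be padded so length does not leak. The 32-byte frame, the length-prefix padding scheme and the sample messages are assumptions constructed for this illustration.

```python
import secrets

FRAME = 32  # constructed frame size in bytes; every message is padded to this


def frame(message: bytes, size: int = FRAME) -> bytes:
    """Length-prefix and zero-fill so every plaintext has the same length."""
    if not 1 <= size <= 256:
        raise ValueError("frame size must fit a one-byte length prefix")
    if len(message) > size - 1:
        raise ValueError("message too long for frame")
    return bytes([len(message)]) + message + bytes(size - 1 - len(message))


def unframe(framed: bytes) -> bytes:
    """Strip the length prefix and the zero fill."""
    return framed[1:1 + framed[0]]


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the framed message")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(size: int = FRAME) -> bytes:
    """Fresh random pad from the OS CSPRNG; use once, then destroy."""
    return secrets.token_bytes(size)


def encrypt(message: bytes, pad: bytes) -> bytes:
    return xor(frame(message, len(pad)), pad)


def decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return unframe(xor(ciphertext, pad))


def pad_explaining(ciphertext: bytes, claimed_message: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `claimed_message`.

    Such a pad exists for every message that fits the frame, which is why
    exhaustive key search cannot single out the real plaintext.
    """
    return xor(ciphertext, frame(claimed_message, len(ciphertext)))


if __name__ == "__main__":
    pad = new_pad()
    ct = encrypt(b"meet at dawn", pad)           # constructed sample message
    other = pad_explaining(ct, b"nothing to report")
    print(decrypt(ct, pad))                      # the real plaintext
    print(decrypt(ct, other))                    # an equally valid decryption
    print(len(ct), len(encrypt(b"hi", new_pad())))  # same length on the wire
```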

      • And of course, whatever you use now will be breakable in the future, if anyone cares to save your messages until computing catches up.

        Which is the whole point of this new facility according to TFA.

    • As many as you can. I get the feeling from TFA that they can at least crack AES-128.

      • Re:How many bits? (Score:4, Informative)

        by TheTrueScotsman ( 1191887 ) on Friday March 16, 2012 @01:18PM (#39380579)

        There's no way they can crack AES-128 unless there's a hole in the algorithm or they have quantum computing.

        Current best practices are:

        1) AES-128 to AES-256 for symmetric keys (although AES-256 has its own problems which can sometimes collapse it to AES-128 - these are ameliorated by increasing the key rounds)

        2) 2048-bit to 4092-bit for RSA keys (2048 may be breakable by 2030 with conventional computing, 4092-bit will take much longer).

        If quantum computing becomes feasible then AES keys will effectively halve in complexity (i.e. AES-128 goes to 64-bit, AES-256 goes to AES-128) and RSA and DSA keys will be useless.

    • by Beardo the Bearded ( 321478 ) on Friday March 16, 2012 @12:18PM (#39379807)

      Use no encryption and have a sig like mine. Eventually someone gets bored of reading every mundane post and email and puts you on an "ignore" filter.

    • Re:How many bits? (Score:4, Insightful)

      by SuricouRaven ( 1897204 ) on Friday March 16, 2012 @12:19PM (#39379823)
      I think at this point it isn't about the number of bits, it's about luck, implementation issues and the search for user error. Doesn't matter how many bits you use if they can sneak a copy of your laptop hard drive and find the key somewhere in swap space, or if your 8192-bit key is derived from a passphrase that's only ten alphanumeric characters, or if they can pull off an effective MITM attack on an SSL by threatening/bribing/asking a trusted certification authority to sign their cert.
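Added example (not part of any poster's comment): a Python sketch that puts numbers on the passphrase point in the comment above and on the earlier "one more bit every n years" rule. The PBKDF2 parameters, the salt, the toy alphabet and the "56 bits feasible today, doubling every 1.5 years" figures are constructed assumptions for the illustration, not measurements.

```python
import hashlib
import itertools
import math


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on passphrase entropy, assuming uniformly random symbols."""
    return length * math.log2(alphabet_size)


def effective_bits(nominal_key_bits: int, length: int, alphabet_size: int) -> float:
    """A derived key is no stronger than the passphrase it was derived from."""
    return min(float(nominal_key_bits), passphrase_bits(length, alphabet_size))


def years_of_margin(bits: float, feasible_bits_today: float, doubling_years: float) -> float:
    """Doubling rule from the thread: search capacity gains one bit per doubling period."""
    return max(0.0, (bits - feasible_bits_today) * doubling_years)


def derive_key(passphrase: str, key_bits: int) -> bytes:
    """Stretch a passphrase to key_bits with PBKDF2-HMAC-SHA256.

    Constructed salt and a deliberately low iteration count keep the demo fast.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode(), b"constructed-salt", 50, dklen=key_bits // 8
    )


def guesses_needed(target_key: bytes, key_bits: int, alphabet: str, length: int):
    """Count candidates tried before the passphrase space yields target_key."""
    for n, cand in enumerate(itertools.product(alphabet, repeat=length), start=1):
        if derive_key("".join(cand), key_bits) == target_key:
            return n
    return None


if __name__ == "__main__":
    # The case from the comment: 8192-bit key, ten alphanumeric characters.
    eff = effective_bits(8192, 10, 62)
    print(f"effective strength: {eff:.2f} bits")
    print(f"margin: {years_of_margin(eff, 56, 1.5):.2f} years (assumed figures)")

    # Toy passphrase space (6 symbols, length 3): output size does not matter.
    toy = "abc123"
    for bits in (256, 8192):
        key = derive_key("c2a", bits)
        print(bits, "bit key found after", guesses_needed(key, bits, toy, 3), "guesses")
```

Raising the PBKDF2 iteration count makes each guess slower but does not add bits; only a longer or more random passphrase does.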
      • by Hatta ( 162192 )

        If it wasn't about how many bits you used, there would be no use for the giant cluster they are building.

      • While those are legitimate attack vectors, they do not seem to be what this facility will perform. If it's purely a passive listener of all internet & phone communication, looking for "patterns" and "threats" from the entire haystack, then using stronger encryption would seem to be sensible.

    • by mhajicek ( 1582795 ) on Friday March 16, 2012 @01:06PM (#39380449)

      How many bits should we use for encryption now?

      All of them.

    • by mlts ( 1038732 ) *

      I'd not worry about bits as much as the algorithm and the block size.

      Ideally, one would cascade three solid encryption algorithms, be it AES, Serpent, and Twofish. Not so one can say they have a 768 bit key [1], but if one of the algorithms has a weakness that reduces its strength, the data is still protected. This is why I wish programs which signed documents would not just use RSA or DSS, but that, as well as a ECC key, as well as using a public/private key system that isn't vulnerable to Shor's Algorit

  • The more messages from a given target, the more likely it is for the computers to detect telltale patterns

    IIRC, that's not true, for a good encryptation system.

    For a *perfect* encryptation system, the messages would be indistinguishable from random patterns of bits.

    • (it's "encryption", not "encryptation")

      Think of the timing between messages, and the length of messages; those can tell a lot about the communication even without decoding anything. I'm not sure any popular cryptosystem uses junk payloads to thwart that kind of analysis, because of the extra computational and bandwidth burden.

      It could also be the case that the NSA does have some weaknesses on popular algorithms, and that the "telltale patterns" fact does hold for bit analysis when the scales get really, re

  • by Anonymous Coward on Friday March 16, 2012 @12:17PM (#39379801)

    The whole we-can't-break-codes-anymore story is told in

    http://www.amazon.com/Coded-Messages-Hoodwink-Congress-People/dp/0875868142/ref=sr_1_1?ie=UTF8&qid=1331918025&sr=8-1

    Coded Messages: How the CIA and the NSA Hoodwink Congress and the People

    by Nelson McAvoy, former NSA person, who claims to have been at the early meetings from when the NSA was formed.

  • by K. S. Kyosuke ( 729550 ) on Friday March 16, 2012 @12:19PM (#39379835)

    One of its secret roles? Code-breaking your private, personal information. Everybody's a target.

    Gee, if that is a secret, I promise not to tell anyone. Anyone joining me on that? Just hope that no one will read this article who doesn't already know, that would kind of spoil it.

  • How sure are you that they are actually breaking into anything there?

  • I wonder if that sentence says more than they intended it to. Could it be that the skills of the NSA people are eroding just like the skills at CIA did? I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days. Maybe NSA is having the same problem.

    • by Hentes ( 2461350 )

      Because codebreaking has been obsolete since 1978, as the NSA will find out the hard way.

    • by TheGratefulNet ( 143330 ) on Friday March 16, 2012 @12:31PM (#39380011)

      WHO would work for them, I ask you?

      decades ago, the people didn't view their government quite the way they do today. some patriotism did exist and people wanted to help their government. *generally*.

      today we all see how invasive and evil our government has become. totally 100% lost its way. almost anything it does, it does badly and hurts people, long and short run.

      if I was offered a job for the so-called white hats (which I now see as black hats) I'd turn it down. I would not be able to live with myself knowing I'm helping an evil force become more evil and more forceful.

      I do realize a lot of people can easily shelve their ethics and see money-making jobs as separate. but I wonder how many people still believe that if they join the government or gov-sponsored jobs, that they are really HELPING things?

      too many black marks on the government. working for them could be as bad as working for the old mafias. the people that they do get, I would not trust. they are whores.

      • WHO would work for them, I ask you?

        Someone who likes lots of money.

        • unless you're a private contractor, you're not going to make a lot of money off the government. the oversight is too steep. government is expensive, not because it pays out huge secret bonuses to individuals, but because it pays out average wages to hordes of pencil-pushing regulators who watch each other and make sure no one is breaking the rules, which are in a constant state of flux.
      • Mostly mathematicians. Where I went to college, after finishing undergrad you either went on to grad school, or you went and worked for the NSA. One of my friends who went to grad school to study abstract mathematics (as well as some encryption) said you could always tell the NSA people from the academics because they had no name tags on.

    • by zill ( 1690130 )

      when a COS let an asset into their HQ and he blew half the station to kingdom come.

      In case anyone else didn't get the reference. [wikipedia.org]

    • by alen ( 225700 )

      same thing, different tech

      you collect data, look for patterns and break the code

      if someone is spying to blow up a building then they will do it for months and report back. the code they use for the target will probably never change and you just have to look for similar patterns

    • by slew ( 2918 ) on Friday March 16, 2012 @01:10PM (#39380493)

      I wonder if that sentence says more than they intended it to. Could it be that the skills of the NSA people are eroding just like the skills at CIA did? I knew that CIA was in trouble - tradecraft-wise - when a COS let an asset into their HQ and he blew half the station to kingdom come. No one would have done that in the old days. Maybe NSA is having the same problem.

      Crypto-guys are the "old guys" from a tradecraft point of view. AFAIK, in the NSA, many of the old-guys are involved with developing clever new internal ciphers (so-called classified "suite-A" algorithms). Since many of the "bad-guys" aren't nation states with heavy duty crypto development capabilities, they often are using off the shelf stuff like AES/ECDSA (members of the "suite-B" algorithms). Until someone discovers a huge gaping hole backdoor, breaking these "suite-B" algorithms benefits mostly from brute force (even if you know a few clever tricks that others do not which chops things down an order of magnitude or two). This is pretty much an admission that there is no huge gaping back door in these suite-B algorithms, not that any crypto-tradecraft capability was in trouble.

      I find it oddly somewhat comforting that we have "old-guys" that realize that sometimes the best thing to do is to throw this problem at a box of computers and spend their time on other pursuits. Who knows, this facility might be dedicated to cranking on some clever cracking algorithm that is unknown to the public, all we know is it takes lots of OPS. Isn't surprising to me that cracking these algorithms is hard. As a historical data point, DES was apparently hard for even the NSA to crack so they deliberately limited the DES key size from the original 64-bits, to the final 56-bit (although the NSA apparently lobbied for a mere 48-bits).

  • What am I missing? (Score:5, Insightful)

    by Fnkmaster ( 89084 ) on Friday March 16, 2012 @12:22PM (#39379867)

    My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force. Even AES-128 is essentially unbreakable under any known attacks then, since brute forcing a single AES-128 password is so far beyond feasibility, it's absurd. My understanding is that the best known attacks on AES are side-channel attacks, which require only modest computational resources, but need access to the encrypting machine, and related-key attacks that are only effective for certain small classes of keys.

    So we can then assume that NSA has a general attack on AES that makes it many, many orders of magnitude easier to break than the best known published attacks? Or is this more likely to be disinformation spread to make people *think* that AES is broken by NSA? My understanding was that NSA is generally somewhat but not extremely far beyond the academic state of the art these days.

    And there have been several reports of FBI and other federal agencies being unable to recover AES-256 encrypted hard drives. So if NSA has the capability to do so even for small numbers of keys using existing computing power, they obviously keep it incredibly restricted and under wraps.

    So... this is BS by somebody, right? Either congress is getting BSed into funding stuff that won't do what they're being told it will do, or the public is getting BSed into believing that using encryption is pointless because NSA can real-time decrypt anything, so just don't bother, mmm'kay?

    • My understanding is that the best known general cryptanalytic attacks on AES are only marginally better than brute-force

      ... known outside the NSA. If they have something that would break AES easily, they probably keep it safely classified.

      • Even if they do have such a tool, it is still effectively useless. By analogy, during World War 2 the allies had broken the German ENIGMA codes, yet had to work very hard to pretend that the code was still secure, to prevent the Germans copping wise to the fact that their codes were useless and devising something better. The same applies here: if the NSA have broken AES, then they cannot use this hack for anything save national security, and must also work hard to prevent the merest suspicion of the hack ge

        • by zill ( 1690130 )

          The best thing we could do would be to club together to fund a bounty for information on how to break AES without using brute-force computing

          That's basically what academia has been trying to do before Rijndael even became AES. There are more than a dozen papers on AES attacks, the fastest of which is faster than brute-force by a factor of 4.

          It basically comes down to whether academia has more brains or NSA has more brains.

    • My understanding is that the best publicly known general cryptanalytic attacks on AES are only marginally better than brute-force

      That is what you are missing.

      So we can then assume that NSA has a general attack on AES that makes it many, many orders of magnitude easier to break than the best known published attacks? Or is this more likely to be disinformation spread to make people *think* that AES is broken by NSA? My understanding was that NSA is generally somewhat but not extremely far beyond the academic state of the art these days.

      How would we even know? The NSA will always have an advantage over public research: they have access to all the public research, as well as classified expertise.

      • How would we even know? The NSA will always have an advantage over public research: they have access to all the public research, as well as classified expertise.

        Maybe. If you can't publish your findings, others can't error check them. Great for getting funding, not so great for actual work. In the final analysis, the KGB made up as much information as they gathered. Even when they did uncover the truth, they wouldn't bump it upstairs, instead telling their leaders what the leaders wanted to hear.
        During Gulf War I, General Swartzkopf (sp?) complained that the intelligence he was getting was useless, because it was facts followed by the analysis "X might happen

        • by mbkennel ( 97636 )

          "During Gulf War I, General Swartzkopf (sp?) complained that the intelligence he was getting was useless, because it was facts followed by the analysis "X might happen, or X might not happen""

          Sounds like the intelligence sector was working as designed, they are supposed to give facts to policy makers and not try to make policy. Policy includes military strategy.

    • Either congress is getting BSed into funding stuff that won't do what they're being told it will do

      "star wars". lasers and shooting bad guys down. hey, idiots in 'elected office' can understand simple things like that. here, take my money!

      same here: big supercomputers that cost money, staff to run it and fat budgets to keep it going. wet dreams, no? who would NOT want that? and its an easy sell. the world is filled with terr-a-wrists and we need lots and lots of big blinkinlight computers to keep us

      • "keep us save".

        sigh. OT: I really do know the difference between 'safe' and 'save'. so why did I type 'save' on that post? I don't know; but I'm not alone in this problem and I see lots of people type one thing when they were thinking another. its a real problem. brain rate != finger rate? lost sync in the clock and data streams? something like that.

  • by lemur3 ( 997863 ) on Friday March 16, 2012 @12:22PM (#39379877)

    uckfay offway ationalnay ecuritysay agencyway

  • I think I've been watching too much Person of Interest [wikipedia.org].
  • Just wondering if anyone has the exact latitude & longitude coordinates for this facility.

    Gonna need 'em for programming all the home-brew autonomous high-explosive and incendiary-carrying kamikaze drones needed to take this facility out.

    Strat

    • I know that you're probably trying to be funny, but in this case discretion may be a better idea.

    • by Forbman ( 794277 )

      Strange, I just got a new email from Amazon Web Services and how they've got some new service offerings coming on line soon for the Virginia area...Hmm...

  • by Gim Tom ( 716904 ) on Friday March 16, 2012 @12:37PM (#39380087)
    The one time pad could make a comeback in the form of one-time DVDs or maybe even SD or Micro SD chips. I know, it is not scalable due to the problem of distribution. It is also symmetric in that the same "key" encrypts and decrypts, but it is also immune to brute force since your one time key is equal to or longer than the message length. An interesting variation might be to use an image file that is very long, but completely innocent as a pseudo random key and only have two copies of that exact image. The former Soviet Union used a one time cypher for all of their clandestine agent communications.
  • by jfengel ( 409917 ) on Friday March 16, 2012 @12:38PM (#39380101) Homepage Journal

    The NSA is located in Maryland. At the end of the shift, traffic is bad enough between there and Columbia to block up the Interstates. That includes not just the cryptoanalysts, but the vast support staff: IT, cafeteria workers, security, human resources, etc etc etc.

    Who's in Bluffdale? Where is all that support staff going to come from, and what are they going to do with the rest of their lives? Although the NSA is on a military base, a lot of the work is done by civilians, and you can't just order them into the middle of nowhere the way you can with soldiers.

    • by decsnake ( 6658 )

      who's going to be in bluffdale? almost nobody. Security, facility maintenance, remote hands and that's about it. The rest of the folks will be in your way on Rt 32 on their way home from work. Srsly, they are building office buildings where the Ft. Meade golf course used to be. Who do you think is going to be working in those?

    • by trolman ( 648780 ) *
      The primary problem in Maryland is power. There is not enough generation/transmission available. So the big data centers are being built where free cooling and cheap power can be found.
    • by AHuxley ( 892839 )
      Salt lake city was selected for a very good reason. The people are loyal, pro USA and want good jobs. Their families can be traced back generations and can be interviewed - that is most important.
      They do not want new Americans, "dual" citizens with dreams of distant issues, people with no real pasts.
      The other issue is power supply, cooling, room to expand and optical loops in the heart of the USA.
  • by Relayman ( 1068986 ) on Friday March 16, 2012 @12:45PM (#39380209)

    Code-breaking your private, personal information. Everybody's a target.

    To target everyone would be a total waste of resources. I would spend as much money figuring out who to target as I would decrypting anything sent by that target.

    It's like saying, "We're going to mine the whole state of California to find the gold there."

    • To target everyone would be a total waste of resources

      Not to mention unconstitutional and illegal [wikipedia.org] Oh wait, Obama's continuing the Bush policy? Never mind. Totally different then.

    • Code-breaking your private, personal information. Everybody's a target.

      To target everyone would be a total waste of resources. I would spend as much money figuring out who to target as I would decrypting anything sent by that target. It's like saying, "We're going to mine the whole state of California to find the gold there."

      But sampling a few people makes sense for the same reason. With a big enough infrastructure, 1,000,000 people is a reasonable sample, even if only 1,000 get full on 100% communications scrutiny. They have to have a baseline, what does a "normal" person look like, which they can then compare to known bad actors. Then they figure out the minimum amount of data they need to filter the bad guys from the norms. If that minimum amount times the population of the US is less than their resources, they could

  • by careysb ( 566113 ) on Friday March 16, 2012 @01:09PM (#39380487)
    A tribute to "Person of Interest". The Machine.
  • Ask a bunch of people whether they need more resources and they got back a "yes! we can't do your job with what we have".
  • by mbkennel ( 97636 ) on Friday March 16, 2012 @01:17PM (#39380569)

    I actually doubt that they are most interested in brute-force codebreaking through the front door except in a few rare situations.

    Most of the time, it's massive traffic analysis: searching and analyzing a titanic, dynamically changing graph, nodes are IP addresses and phone numbers of the planet.

    Once they find a 'target of interest', then they would usually ask the FBI or other authority just to put a tap on a specific line, or if necessary break in and install a trojan on the target's phone or computer, avoiding front-door code-bashing, which isn't generally feasible in large scale any more.

    There are companies (e.g. http://www.conveycomputer.com/ [conveycomputer.com]) which make highly parallel co-processors from FPGA's which give user-definable vectorized instructions on enormous memory bandwidth.

    This is just the thing for the NSA.

  • The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    Ahhh. This was from version 1.0 and no longer applies.
