N.S.A. Foils Much Internet Encryption

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

N.S.A. Foils Much Internet Encryption

Wahoo - well people suspected it 10 years ago but it looks like the full effects have only been available sine about 2010:

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

I guess there's not too much to say really - except someone gets "I told you so" bragging rights!!

Encryption will always get broken because computers continue to become more powerful. The ironic part about all this is anyone with any real secrets wont use the internet, or even phones, they'll employ humans to make delivery by hand.

If you were a terrorist would you use the internet?

Just goes to prove this is all about spying on the ordinary person.

Thread with same title already posted here:

www.abovetopsecret.com...

In that case the search function sucks!!

but IIRC a thread in Alt Breaking News is allowed as one in the substantive forum isn't it?

Aloysius the Gaul
In that case the search function sucks!!

but IIRC a thread in Alt Breaking News is allowed as one in the substantive forum isn't it?

You recall correctly, sir.

RE: the OP...obviously there are many someone's with the "I Told You So!" bragging rights. Which, when combined with $2.00 will get you a Coke at the local Toot-n-Totem.

So I wonder if they have cracked the "Insurance" files from Wiki?

As it regards folks communicating by internet...you can encrypt in benign material. It has been done for ages. It is how people wrote books on esoterica.

Originally posted by Aloysius the Gaul
N.S.A. Foils Much Internet Encryption

They not only figured out how to crack encryption, they secretly created backdoors and weaknesses in encryption to make it easier for them to crack! Many people didn't believe that was happening, but apparently it was.

It's not just a matter of spying...they may have succeeded in one mission, but have failed in their other mission, as the article says:

But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.

So not only has this destroyed the security of American communications that they should be protecting, but it will also have commercial implications as well.

The American economy won't be helped as customers of security and encryption products turn away from the US. The article actually ends on that poignant note:

Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

The ominous warning would seem to have some foundations as we now see.

Quantum Cryptography cannot be exploited without the senders or receivers knowing it has been compromised.

If you’ve got communications that absolutely cannot be intercepted—whether you’re a NSA whistleblower, the president of Mexico, or Coca-Cola—quantum cryptography is the way to go. It harnesses the bizarro-world properties of quantum physics to ensure that information sent from point A to point B isn’t intercepted. The laws of physics dictate that nobody—not even the NSA—can measure a quantum system without disrupting it.

qz.com...

As far as this information is concerned. James Bamford said as much in his famous article about the Utah data center.

But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

Bamfords article was written 3 years ago and he says basically everything Snowden has leaked recently.

www.wired.com...

reply to post by GArnold

True, but I'm sure to the NSA's delight, very few use that.

Originally posted by Arbitrageur
reply to post by GArnold

 

True, but I'm sure to the NSA's delight, very few use that.

Well right now you are right. As it becomes less expensive it will be used more and more. There are communications that Govt or Corporations will pay huge money for if they can be assured it is un breakable.

Here is a link to the paper in Nature.

First the abstract.

The theoretically proven security of quantum key distribution (QKD) could revolutionize the way in which information exchange is protected in the future1, 2. Several field tests of QKD have proven it to be a reliable technology for cryptographic key exchange and have demonstrated nodal networks of point-to-point links3, 4, 5. However, until now no convincing answer has been given to the question of how to extend the scope of QKD beyond niche applications in dedicated high security networks. Here we introduce and experimentally demonstrate the concept of a ‘quantum access network’: based on simple and cost-effective telecommunication technologies, the scheme can greatly expand the number of users in quantum networks and therefore vastly broaden their appeal. We show that a high-speed single-photon detector positioned at a network node can be shared between up to 64 users for exchanging secret keys with the node, thereby significantly reducing the hardware requirements for each user added to the network. This point-to-multipoint architecture removes one of the main obstacles restricting the widespread application of QKD. It presents a viable method for realizing multi-user QKD networks with efficient use of resources, and brings QKD closer to becoming a widespread technology. Subject terms: Quantum information Fibre optics and optical communications Quantum optics Photonic devices READ THE FULL ARTICLE

www.nature.com...

reply to post by GArnold


I suspect the utah data center is a Qcomputing core. NSA is probably much further along- R&D budget snowden released looks suspiciously low for the utah data center. The budget breakdown leads me to suspect they are implementing a 'perfected' qcomputing system that will have widespread real time capabilities.

Automated drones-health care related real time behavioral analysis for O'care etc. Latter is probably the first thing that's going to be done with it domestically.

Originally posted by VoidHawk
Encryption will always get broken because computers continue to become more powerful. The ironic part about all this is anyone with any real secrets wont use the internet, or even phones, they'll employ humans to make delivery by hand.

An encrypted person can be broken more easily than an encrypted file.

sjorges2002
reply to post by GArnold

 

I suspect the utah data center is a Qcomputing core. NSA is probably much further along- R&D budget snowden released looks suspiciously low for the utah data center. The budget breakdown leads me to suspect they are implementing a 'perfected' qcomputing system that will have widespread real time capabilities.

Automated drones-health care related real time behavioral analysis for O'care etc. Latter is probably the first thing that's going to be done with it domestically.

Interesting. Bradford's article makes it sound as if Crypto will be the core goal of Utah but maybe your right that it will be used for other purposes.

Some encryption out there was botched to start with so exploiting those is probably easy. As far as cracking AES256, RSA/NSA 1024,2048,4096 I don't think they can even with super computer clustering.

BrianFlanders

Originally posted by VoidHawk
Encryption will always get broken because computers continue to become more powerful. The ironic part about all this is anyone with any real secrets wont use the internet, or even phones, they'll employ humans to make delivery by hand.

An encrypted person can be broken more easily than an encrypted file.

Those people making delivery would not know what they were delivering, or even to whom they were delivering to. They would simply be told to be at a specific location at a specific time. The person they meet might be just the same as them, and know nothing whatsoever other than to be at a specific place etc etc. If they get caught, only the information they carry would be compromised. So why on earth would any organization such as terrorists or even the alphabets use a phone or computer for the sensitive stuff?

reply to post by GArnold

Interesting. Bradford's article makes it sound as if Crypto will be the core goal of Utah but maybe your right that it will be used for other purposes.

A while ago I read an article that stated Snowden impersonated high level officials electronically. With compartmentalization etc that he had to get around maybe he had to decrypt their user keys/pwords/usernames... I cant imagine that a computer tech would be able to see unencrypted usernames and 'passwords' in a security conscious place like the NSA or their contractors. I think NSA might already have a functioning, smaller qcore prototype and snowden may have gotten access to it thru his role at BAH. Humint techniques, keyloggers and things like that would have been easy to track down and require physical access which I dont believe he had. Using the computers available today it would take a long time to break NSA encryption- he worked for that contractor only 2yrs or so.

Snowden is holding back on info, there is a good reason he ran when he did and I dont think we have heard it yet.

I cant help wondering if the hastings death and snowden are somehow linked.

reply to post by Aloysius the Gaul


they can crack it only in case of medium-grade encryption at best i guess. if the encryption is end-to-end, the only way to bypass it is to hack into your computer. lets say you're using a wireless keyboard, and lets say that keyboard has a backdoor implemented, so that NSA agents next door can sniff your passwords - that's how it may work. if you have NSA agents next door though, you're in big trouble already.

good luck cracking 4096bit gpg keys. it's the info snowden released, and they were pretty pissed about it, because when people are aware of the fact that NSA can possibly crack some keys, they may start using higher-grade encryption, rendering NSA efforts pointless. old news.

and if you're afraid of backdoors, use opensource software, like gpg. they can pay corporations to implement backdoors in their closed-source commercial (or freeware) software, but building those into opensource software, where everyone can find them and remove them, is pretty much pointless.