General Discussion

Latest Snowden Revelation: NSA Sabotaged Electronic Locks
by Jon Healey

The latest Edward Snowden-powered exposé published by the New York Times, ProPublica and the Guardian is, to me, the most frightening. It reveals that the National Security Agency has moved beyond its historic role as a code-breaker to become a saboteur of the encryption systems. Its work has allegedly weakened the scrambling not just of terrorists' emails but also bank transactions, medical records and communications among coworkers. This undated photo provided by the National Security Agency shows its headquarters in Ft. Meade, Md. (Handout / Getty Images / May 11, 2006)

Here's the money graf:

"The NSA hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world."
. . .

http://www.commondreams.org/view/2013/09/06-2


Published on Friday, September 6, 2013 by Deeplinks Blog
Leaks Show NSA is Working to Undermine Encrypted Communications, Here's How You Can Fight Back
by Eva Galperin and Dan Auerbach

Through covert partnerships with tech companies, the spy agencies have inserted secret vulnerabilities into encryption software. (Photograph: Kacper Pempel/Reuters)In one of the most significant leaks to date regarding National Security Agency (NSA) spying, the New York Times, the Guardian, and ProPublica reported Thursday that the NSA has gone to extraordinary lengths to secretly undermine our secure communications infrastructure, collaborating with GCHQ (Britain's NSA equivalent) and a select few intelligence organizations worldwide.

These frightening revelations imply that the NSA has not only pursued an aggressive program of obtaining private encryption keys for commercial products—allowing the organization to decrypt vast amounts of Internet traffic that use these products—but that the agency has also attempted to put backdoors into cryptographic standards designed to secure users' communications. Additionally, the leaked documents make clear that companies have been complicit in allowing this unprecedented spying to take place, though the identities of cooperating companies remain unknown.

Many important details about this program, codenamed Bullrun, are still unclear. For example, what communications are targeted? What service providers or software developers are cooperating with the NSA? What percentage of private encryption keys of targeted commercial products are successfully obtained? Does this store of private encryption keys (presumably procured through theft or company cooperation) contain those of popular web-based communication providers like Facebook and Google?

What is clear is that these NSA programs are an egregious violation of our privacy. We can and should enjoy a future where it is still possible to speak privately with fellow citizens, to freely associate and engage in political activism, and to be left alone when we want to be. If the NSA is allowed to continue building backdoors into our communications infrastructure, as law enforecement agencies have lobbied for, then the communications of billions of people risk being perpetually insecure against a variety of adversaries, ranging from foreign governments to criminals to domestic spy agencies, which would have disastrous economic consequences.

. . . .

http://www.commondreams.org/view/2013/09/06-5



. . . .

As joint reporting by ProPublica and the New York Times explains, according to the documents and interviews with industry officials, the NSA has deployed "custom-built, superfast computers to break codes" and began collaborating with "technology companies in the United States and abroad" to build 'backdoor' entry points into their products and introduce weaknesses into their encryption standards.

The records do not identify which specific companies have been working with the NSA to this extent. However, one document does reveal that a GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook.
"By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet."
. . . . . .

As one of the NSA documents obtained by the news agencies states, the NSA "actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs," and in turn inserts "vulnerabilities into commercial encryption
systems. "US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails," the Guardian reports.

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," a 2010 GCHQ document states. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable.

. . .

http://www.commondreams.org/headline/2013/09/05-7