NSA's Inquisitive Look: What is the War for Internet Security (Part 1)

Original author: SPIEGEL
  • Translation

Intelligence agencies in the United Kingdom and the United States are taking every possible step to decrypt any kind of Internet message. There is a feeling that the “cloud” is full of “holes”. The good news: Snowden's new documents confirm that some forms of encryption cannot be broken even by the NSA.

On Christmas Eve [the article was published on December 28, 2014 - translator's note], spies from the Five Eyes alliance look forward to a little respite from their hard work. In addition to their usual duties (that is, decrypting messages around the world), they play a game called Kryptos Kristmas Kwiz, whose participants need to solve complex numerical and alphabetic puzzles. The winners of the competition become the proud owners of "cryptocircles."

Encryption - the use of mathematical techniques to protect communications from espionage - is used in electronic transactions of all types by governments, companies and individuals. But, according to former NSA agent Edward Snowden, not all encryption technologies really do their job.

One illustrative example is encryption in Skype, a program whose 300 million users rely on the vaunted “secure” Internet video chat service. In fact, there is no real protection of information here. “Skype’s regular data collection began in February 2011,” says an NSA training document released by Snowden. Less than six months later, in the fall of [2011], the code breakers announced that their work had been completed. From that moment, Skype data became available to NSA spies. Software giant Microsoft, which bought Skype in 2011, says: “We do not provide direct or indirect government access to user data or encryption keys.” The NSA began monitoring Skype before Microsoft bought the company, but in February 2011 the US Foreign Intelligence Surveillance Court issued a warrant to the company, according to which it must not only provide information to the NSA but also serve as an accessible data source for the agency.

“Regular Skype data collection” is the next step the state has taken in the arms race of intelligence agencies looking for ways to penetrate the privacy of users, especially those who considered themselves protected from espionage. Encryption, in turn, has also won several victories: there are several systems that have proven their strength and have been true quality standards for more than 20 years.

For the NSA, communication encryption — or what all other Internet users call secure communications — is a “threat”. In one of the NSA’s training documents, which was accessed by Spiegel, an NSA officer asks: “Do you know that the encryption mechanisms that are widely used on the Internet are the main threat to the NSA’s ability to conduct intelligence on digital networks and infect adversaries?”


Excerpt from NSA document: encryption is called a “threat”

- Do you know that the encryption mechanisms commonly used on the Internet are the main threat to the NSA’s ability to conduct reconnaissance on digital networks and infect adversaries?

“Twenty years ago, the very fact of message encryption meant that they probably contain foreign intelligence data, since only the government and other important goals had the opportunity to acquire or develop and implement communication encryption. Today, anyone who uses the Internet can access web pages using the strong encryption mechanisms provided by the HTTPS protocol, and companies of any level can implement virtual private networks (VPNs) so that their employees can access sensitive or closed corporate information via the Internet from anywhere in the world. SID calls such widespread encryption formats, which are of great complexity for SIGINT, "ubiquitous encryption."”

Snowden's documents showed which encryption mechanisms the NSA managed to decrypt and (more importantly) which ones it failed to decrypt. Although it has been nearly two years since the documents were published, experts doubt that the NSA’s digital spies have managed to break such hacking-resistant technologies during this time. “When used properly, strong cryptosystems are one of the few things you can rely on,” Snowden said in June 2013, after flying to Hong Kong.

The "digitalization" of society over the past few decades has been accompanied by the widespread use of cryptography, which has ceased to be the preserve of secret agents. Today, almost every Internet connection is encrypted in one way or another, whether you are conducting an online banking operation, buying goods on the Web or making a phone call. The very essence of cloud computing - which allows you to outsource a number of tasks to remote data centers, sometimes located on another continent - is based on cryptographic security systems. Internet activists hold “crypto meetings”, where they explain to those interested in keeping honest communications secure how to encrypt their data.

German government proposes using “permanent data encryption”

In Germany, the need to use strong encryption mechanisms has already been considered at the highest level. Chancellor Angela Merkel and her office are now communicating using phones that have strong encryption systems. The government also invited residents to take steps to protect their communications. Michael Hange, president of the Federal Agency for Information Security, said: "We recommend that you use cryptography - that is, permanent data encryption."

This recommendation is unlikely to please some intelligence agencies. After all, the Five Eyes alliance (the secret services of the United Kingdom, Canada, Australia, New Zealand, and the United States) has a clear goal: to remove the encryption of other countries' Internet information wherever possible. In 2013, the NSA had a budget in excess of $10 billion. According to the U.S. intelligence budget for 2013, the funding for the NSA's Cryptanalysis and Exploitation Services (CES) department alone amounted to $34.3 million.

Last year, the Guardian, New York Times, and ProPublica reported the details of a 2010 presentation about the NSA's decryption program called BULLRUN, but many specific vulnerabilities remained outside the scope of these reports.


Presentation slide of the BULLRUN project

The presentation says that “over the past ten years, the NSA has pursued an aggressive, multifaceted policy to crack widespread encryption technologies on the Internet” and that “a huge amount of encrypted Internet data that could not be used until today is now available for use”. Decryption, as it turned out, can be used “retroactively” - as soon as a system is hacked, the agency can go back through its databases for past periods and read information that was previously unavailable.

The number of Internet users concerned about online security has risen significantly since the publication of Snowden's first disclosures. But those who prudently use strong end-to-end encryption mechanisms to protect their data are still a minority among all Internet users. There are a number of reasons for this: some consider encryption to be too difficult, while others believe that intelligence officers are many steps ahead of the technologies available to users and can crack any encryption program.

[These user assumptions are not entirely true. In the second (final) part of the translation, we will tell you which encryption mechanisms were resistant to NSA attacks and which were not].

To be continued…
