Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

N.S.A. Foils Much Internet Encryption
New York Times ^ | September 5, 2013 | NICOLE PERLROTH, JEFF LARSON and SCOTT SHANE

Posted on 09/05/2013 12:14:05 PM PDT by Alter Kaker

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

(Excerpt) Read more at nytimes.com ...


TOPICS: Foreign Affairs; Front Page News; News/Current Events
KEYWORDS: nsa; security; snowden
Navigation: use the links below to view more comments.
first 1-5051-100101-107 next last
Breathtaking -- both the scale of the NSA's exploits and the scale of this leak.
1 posted on 09/05/2013 12:14:05 PM PDT by Alter Kaker
[ Post Reply | Private Reply | View Replies]

To: Alter Kaker

And what they can’t break, they record until they can.


2 posted on 09/05/2013 12:17:16 PM PDT by Jack of all Trades (Hold your face to the light, even though for the moment you do not see.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Jack of all Trades

Bingo. But nobody is listening in... there’s no “there” there.


3 posted on 09/05/2013 12:23:16 PM PDT by Bogey78O (We had a good run. Coulda been great still.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Alter Kaker
all I know is I was looking up a recipe for "cowboy beef" a couple of weeks ago and today Amazon emails me about a Cowboy recipe book.....

keep your friends close and your enemies closer...

4 posted on 09/05/2013 12:25:43 PM PDT by cherry
[ Post Reply | Private Reply | To 1 | View Replies]

To: Alter Kaker

Our government practically owns and operates Google and Facebook, too.


5 posted on 09/05/2013 12:27:36 PM PDT by GeorgeWashingtonsGhost
[ Post Reply | Private Reply | To 1 | View Replies]

To: cherry

I remember freepers trying to assure us that loyalty cards and asking for zip codes was not to track us but to make their service better. We were assured that it didn’t get specific enough to track us personally.

Then my Brother In Law recieved some awesome coupons for the items he bought all the time. The coupons were specifically tailored to his buying habits. I kid you not.


6 posted on 09/05/2013 12:28:17 PM PDT by GeronL
[ Post Reply | Private Reply | To 4 | View Replies]

To: Alter Kaker

“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.”

The usual method used is either to steal the encryption passphrase, or use a passphrase-guessing program. These programs are quite useful if you know a lot about the target.


7 posted on 09/05/2013 12:30:10 PM PDT by proxy_user
[ Post Reply | Private Reply | To 1 | View Replies]

To: Alter Kaker

The NSA are wussies living in their mothers’ basements reading everyone’s emails to get their jollies.

Haven’t stopped a single terrorist attack, by all indications.

The Tsarnaevs are laughing at them.


8 posted on 09/05/2013 12:30:41 PM PDT by Uncle Miltie (Are Marines required to salute Al Qaeda yet?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Alter Kaker
I read previous articles saying that the NSA is able to read the weaker PTPP encryption, but not the stronger L2TP/IPSec or OpenVPN protocols, at least not in anything approaching near-real time.

I think it's like cracking WEP, but not WPA2.

-PJ

9 posted on 09/05/2013 12:31:16 PM PDT by Political Junkie Too (If you are the Posterity of We the People, then you are a Natural Born Citizen.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Jack of all Trades

10 posted on 09/05/2013 12:32:12 PM PDT by Uncle Miltie (Are Marines required to salute Al Qaeda yet?)
[ Post Reply | Private Reply | To 2 | View Replies]

To: GeorgeWashingtonsGhost

US telecoms fight claims of illegal spying [Bush wins, case dismissed]
http://www.freerepublic.com/focus/f-news/2264404/posts

Ruling: Telcoms Not Liable for ‘Illegal Spying
Publius’ Forum ^ | 6/04/09 | Warner Todd Huston
http://www.freerepublic.com/focus/f-bloggers/2264552/posts

But back then, spying on Americans was ‘good’.


11 posted on 09/05/2013 12:32:13 PM PDT by TurboZamboni (Marx smelled bad & lived with his parents most his life.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: proxy_user
The usual method used is either to steal the encryption passphrase, or use a passphrase-guessing program. These programs are quite useful if you know a lot about the target.

Not just that, they've also apparently come up with a mechanism for storing encryption keys for commercial encryption technologies, found a way to break SSL and hack into VPNs. This will cause every country in the world to create new encryption technologies -- unbelievably broad leak.

12 posted on 09/05/2013 12:32:34 PM PDT by Alter Kaker (Gravitation is a theory, not a fact. It should be approached with an open mind...)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Political Junkie Too
I think it's like cracking WEP, but not WPA2.

Except WPA2 is already hackable by 13 year old kids, not just the National Security Agency.

13 posted on 09/05/2013 12:34:54 PM PDT by Alter Kaker (Gravitation is a theory, not a fact. It should be approached with an open mind...)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Alter Kaker
Maybe that was a bad comparison.

-PJ

14 posted on 09/05/2013 12:35:58 PM PDT by Political Junkie Too (If you are the Posterity of We the People, then you are a Natural Born Citizen.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Uncle Miltie
Haven’t stopped a single terrorist attack, by all indications.

Stopping terrorism is only a new priority of theirs -- their original mission is foreign intelligence. And this leak will cause the Russians, the Chinese, the Pakistanis and probably every other country in the world to switch technologies.

15 posted on 09/05/2013 12:36:35 PM PDT by Alter Kaker (Gravitation is a theory, not a fact. It should be approached with an open mind...)
[ Post Reply | Private Reply | To 8 | View Replies]

To: GeronL

Wait until people start getting health insurance premium hikes based on the groceries they bought. Oh, and some stores (I’m looking at you, Target!) are requiring the cashiers to swipe the driver’s license into the cash register for all alcohol purchases. I left the cashier with that bottle of Baringer and bought one at walmart instead.


16 posted on 09/05/2013 12:40:19 PM PDT by Orangedog (An optimist is someone who tells you to 'cheer up' when things are going his way)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Alter Kaker

They are apprently using key-stealing to do this. The algorithms are mathmatically unbreakable, but that doesn’t matter if you swipe the key somehow.

You have to understand how SSL works to understand how this is possible. It is a three-step handshake. The server sends you a signed message, which you verify against the public certificates in your browser’s keystore. You then send it an message encrypted with its public key, and it replies with an encrypted message with a proposed symmetric key. You then accept the symmetric key, and from then on communicate in a symmetric cipher.

Now all the NSA has to have is the server’s private certificate, and it can read the asymmetric traffic and pick up the symmetric key as it is sent. If you have a buddy at Verisign, this is easily done.


17 posted on 09/05/2013 12:40:46 PM PDT by proxy_user
[ Post Reply | Private Reply | To 12 | View Replies]

To: Alter Kaker

Because this leak contained information they weren’t already aware of...

I need to find that article about the 4000+ security risks who work for NSA.
Here we go:

http://news.yahoo.com/report-secret-budget-cited-4-000-nsa-leaks-182750941.html

All this leak does is let the REST of us know that encryption is teetering on the edge of nonusefulness.


18 posted on 09/05/2013 12:40:50 PM PDT by Black Agnes
[ Post Reply | Private Reply | To 15 | View Replies]

To: proxy_user

This is why passwords should not be words but instead ramdom characters, # and if you know how to make special ascii characters even better.


19 posted on 09/05/2013 12:41:33 PM PDT by qman (The communist usurper must go!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Orangedog

What if you present a US passport rather than a driver’s license?


20 posted on 09/05/2013 12:41:42 PM PDT by proxy_user
[ Post Reply | Private Reply | To 16 | View Replies]

To: Orangedog

Use cash at a small business.

Their videotapes aren’t recorded and stored forever in some central database in NW Arkansas...


21 posted on 09/05/2013 12:42:10 PM PDT by Black Agnes
[ Post Reply | Private Reply | To 16 | View Replies]

To: rarestia

ping


22 posted on 09/05/2013 12:46:10 PM PDT by null and void (I'm betting on an Obama Trifecta: A Nobel Peace Prize, an Impeachment, AND a War Crimes Trial...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: qman

What the password-guessing program does is take your personal information, like birthdays, phone numbers, street address, girlfriends and combines it into various strong passwords that you might have used.

For example, if you are Joe Blow of 486 Main Street, Anytown, Illinois 60823, and you girlfriend is Doris and you dog is Spike, it will try stuff like

doris60823spike
spike486doris
illiniDoris60823spike

...and so on. It can do thousands of combinations a second. They get hits about 25-30% of the time.


23 posted on 09/05/2013 12:47:12 PM PDT by proxy_user
[ Post Reply | Private Reply | To 19 | View Replies]

To: GeronL

I was speaking to some twenty-somethings about the NSA spying and they were nonplussed about the whole thing. It’s terrible. Government schools have raised pro-government drones.


24 posted on 09/05/2013 12:50:10 PM PDT by 1010RD (First, Do No Harm)
[ Post Reply | Private Reply | To 6 | View Replies]

To: TurboZamboni

Yep, we’ve forgotten that when the come for X, eventually they come for you.


25 posted on 09/05/2013 12:51:19 PM PDT by 1010RD (First, Do No Harm)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Alter Kaker
unbelievably broad leak.

UNBELIEVABLE YES

Perhaps Mr Snowden is not what he appears to be?

26 posted on 09/05/2013 12:51:33 PM PDT by DUMBGRUNT
[ Post Reply | Private Reply | To 12 | View Replies]

To: 1010RD

Yep. They have created a generation of mindless sheeple


27 posted on 09/05/2013 12:51:37 PM PDT by GeronL
[ Post Reply | Private Reply | To 24 | View Replies]

To: Alter Kaker
So NSA deliberately interfered with encryption standards so that it could create backdoors for itself?

Great. Just great!

28 posted on 09/05/2013 12:58:14 PM PDT by Timber Rattler (Just say NO! to RINOS and the GOP-E)
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user
I use passages from The Declaration of Independence or The Constitution. Nobody working for the fed has a clue where to look.
29 posted on 09/05/2013 1:07:14 PM PDT by kitchen (Make plans and prepare. You'll never have trouble if you're ready for it. - TR)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Alter Kaker

FWIW my credit union just called and said Visa had notified them my debit card was on a list that had been hacked. But nothing appears to be missing. And they are sending me a new card.


30 posted on 09/05/2013 1:07:16 PM PDT by bigheadfred (INFIDEL)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Alter Kaker

We need to shut this shit down or we are slaves, and our futures is the ovens.


31 posted on 09/05/2013 1:15:43 PM PDT by LowTaxesEqualsProsperity
[ Post Reply | Private Reply | To 1 | View Replies]

To: kitchen

Well, they do now!


32 posted on 09/05/2013 1:16:24 PM PDT by proxy_user
[ Post Reply | Private Reply | To 29 | View Replies]

To: Alter Kaker

Any encryption scheme merely delays and increases the effort needed to read a message. That should be well understood by anyone who uses any encryption scheme. In some ways encryption makes your communications more vulnerable as attention tends to be focused on encrypted messages, rather than the vast number of clear text messages.

Of course the best way to keep your message safe is to use a one time use code, not a repeated cipher.

The other thing that protects your messages is the provision of vast amounts of false information with similar cipher techniques to those used with your true information. To work best, this is done with a plan as to the false ideas you want your enemy to think is true, and the true ideas you want your enemy not to know.

During WWII Germany tried to present an image of great strength, so enemies would be discouraged. They sought to plant the notion that they were manufacturing 1400 tanks a month.

Analysis of a few captured tanks in north Africa put the lie to that. The serial numbers were collected and seemed to all be very close together. Analysis of castings showed that the parts came from a small number of masters, and that put an upper limit on the rate of manufacture.

For people who seek to look behind the lies disseminated by propagandists, there is a good Wikipedia article on “The German Tank Problem”.


33 posted on 09/05/2013 1:16:38 PM PDT by donmeaker (Blunderbuss: A short weapon, ... now superceded in civilized countries by more advanced weaponry.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LowTaxesEqualsProsperity

At least we have one section of the government that listens to us!


34 posted on 09/05/2013 1:17:13 PM PDT by donmeaker (Blunderbuss: A short weapon, ... now superceded in civilized countries by more advanced weaponry.)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Alter Kaker; All

To all Freepers; Get some kind of encryption software for your email. Send 50 emails a day with a single message: “Drink more Ovaltine.”


35 posted on 09/05/2013 1:17:49 PM PDT by TangoLimaSierra (To the left the truth looks like Right-Wing extremism.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user

I’m going to use those three passwords next time some stoopid site wants one:)


36 posted on 09/05/2013 1:33:47 PM PDT by Cold Heart
[ Post Reply | Private Reply | To 23 | View Replies]

To: Alter Kaker

It’s always been a race, someone comes up with a way of protecting something and then someone that wants that comes up with a way to crack that protection. The NSA has been doing what governments always do which is to constantly seek power and advantage. SSL and VPN’s are mostly based on public key cryptography that is old and in dire need of replacement and has been known to be vulnerable for some time. Even the newer public key algorithms are not anywhere near as good as AES so don’t expect any of them to provide protection against any government because they won’t.

The distressing thing is not that we are vulnerable but that the USG has bought and paid for so many technology companies and service providers that the encryption methods have become moot because they are using back doors to suck up everything before the data hits any encryption device. We’ve been sold out by Facebook, Goggle, Yahoo, Microsoft, Verizon, AT&T, etc.

Snowden did tremendous damage to our countries ability to suck up foreign intelligence and more than likely a lot of damage to the US economy long term as I see most countries moving away from US based suppliers and more towards either open source or suppliers from second and third world (read not China, Russia, UK, etc.). If I was a non-US based company or country I’d certainly be shopping elsewhere now and would imagine that a lot of them are scrambling to do just that.


37 posted on 09/05/2013 1:37:47 PM PDT by trapped_in_LA
[ Post Reply | Private Reply | To 1 | View Replies]

To: Jack of all Trades

“And what they can’t break, they record until they can.”

AAMTD SFSF SH%G)E DFWERJPA-id
%&HTJLS: PM. @! RTB..?Q


38 posted on 09/05/2013 1:40:48 PM PDT by The Antiyuppie ("When small men cast long shadows, then it is very late in the day.")
[ Post Reply | Private Reply | To 2 | View Replies]

To: Alter Kaker

How does a decrypter know it has been successful? How does it know the difference between gibberish and clear text? It’s a computer program and doesn’t understand anything. Does it look for words like “the” and “bomb”?
Don’t real terrorists use words like “the” and “Package”? Wouldn’t it write in code, like “Aunt Susie is going to deliver the package to New York”
And anyway, why would a true terrorist write in English?

In other words, if the decrypter doesn’t know what it’s looking for, what does it look for?

I would like to know. Not being flippant, for a change.


39 posted on 09/05/2013 1:44:53 PM PDT by I want the USA back
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cold Heart

I use FUB0. They still don’t get it.


40 posted on 09/05/2013 1:47:41 PM PDT by unixfox (Abolish Slavery, Repeal the 16th Amendment)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Alter Kaker

This leak makes me wonder a bit about the security of AES.

Personally I like Blowfish and RC4 .. many think RC4 is weak but I think it’s fine if properly implemented. It’s very easy to code RC4 for use in embedded systems. I love RC4 for its elegance and simplicity. http://ciphersaber.gurus.org/

ECC is what we need to use for public key, it’s what the NSA uses.

I imagine the NSA uses a lot of custom ASIC chips for code breaking...probably made in their own Fab. I bet NSA would be great at Bitcoin mining.

The ability of NSA to decrypt a particular implementation or type of encryption is tested by foreign adversaries by encoding false info with the system and watching to see if the U.S. takes any action based on that info.

Don’t trust anything but open-source encryption products.

For the most critical data I’d recommend the two parties create a truly random set of data using a noise source like brownian noise. Both parties must hold this data and keep it secure. This allows the parties to add a one-time-pad step to their usual encryption routine. The one-time-pad is unbreakable by any method, even when powerful quantum computers come on line they will have no hope of penetrating a one-time-pad system. The big problem with one-time-pad is you are taken back to the bad old days of the key exchange problem...secret data that must be shared by all users, it’s a drag!

Steganography must still be a huge problem for the NSA since there are nearly limitless ways to implement it. Just a few bits inside a huge data set can hold important info...how do you discern this??


41 posted on 09/05/2013 1:53:36 PM PDT by Bobalu (Bobo the Wonder Marxist leads Operation Rodeo Clown against Syria)
[ Post Reply | Private Reply | To 1 | View Replies]

To: The Antiyuppie
AAMTD SFSF SH%G)E DFWERJPA-id
%&HTJLS: PM. @! RTB..?Q

Hey, no shit! I was just going to say the same thing!

CA....

42 posted on 09/05/2013 1:56:59 PM PDT by Chances Are (Seems I've found that silly grin again....)
[ Post Reply | Private Reply | To 38 | View Replies]

To: Black Agnes

I do that now. About the only thing I’ll use plastic for is gasoline since it’s less stressful to pay at the pump than to deal with idiots in line inside and the idiots running the cash register.


43 posted on 09/05/2013 1:58:01 PM PDT by Orangedog (An optimist is someone who tells you to 'cheer up' when things are going his way)
[ Post Reply | Private Reply | To 21 | View Replies]

To: cherry; GeronL

Browse in an incognito window if you don’t want cookies.


44 posted on 09/05/2013 1:58:18 PM PDT by Lonesome in Massachussets (Doing the same thing and expecting different results is called software engineering.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Lonesome in Massachussets

and use duckduckgo for a search engine


45 posted on 09/05/2013 1:59:08 PM PDT by GeronL
[ Post Reply | Private Reply | To 44 | View Replies]

To: I want the USA back

It’s mathematics, it’s not hard to tell if a bunch of bits is random or contains a pattern. True randomness is very hard to do. Once data is encrypted it still can contain some non-randomness that can be discerned. The job is to decrypt to the most non-random state you can. The most non-random state might still be something like a simple book cypher so it won’t be readable yet...or it could be plain-text.

Subtle steganography is a real headache for those looking for secret meaning in masses of data.


46 posted on 09/05/2013 1:59:58 PM PDT by Bobalu (Bobo the Wonder Marxist leads Operation Rodeo Clown against Syria)
[ Post Reply | Private Reply | To 39 | View Replies]

To: Alter Kaker

V’z abg jbeevrq, V hfr gur fhcre frpher naq gurbergvpnyyl haoernxnoyr EBG13 nytbevguz.


47 posted on 09/05/2013 2:00:41 PM PDT by Lonesome in Massachussets (Doing the same thing and expecting different results is called software engineering.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Chances Are

“Hey, no shit! I was just going to say the same thing!”

I guess I will have to block FR from my 11 year old granddaughter.


48 posted on 09/05/2013 2:00:53 PM PDT by TexasGator
[ Post Reply | Private Reply | To 42 | View Replies]

To: I want the USA back

You are more or less on to it. Bobalu’s answer is correct, but let me elaborate some. They might look for common English words. See here for how it was done a Bletchley Park:

http://en.wikipedia.org/wiki/Bombe#Bombe_menu

Read the entire article it’s terribly interesting.


49 posted on 09/05/2013 2:12:50 PM PDT by Lonesome in Massachussets (Doing the same thing and expecting different results is called software engineering.)
[ Post Reply | Private Reply | To 39 | View Replies]

To: Alter Kaker

this is going to kill the cloud computing bandwaggon.


50 posted on 09/05/2013 2:14:12 PM PDT by longtermmemmory (VOTE! http://www.senate.gov and http://www.house.gov)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-100101-107 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson