Skip to comments.NSA Breaks Most Codes (Digital Encryption Used by Business)
Posted on 09/06/2013 10:32:48 AM PDT by Red Steel
Private encryption systems cracked or bypassed by agency
WASHINGTON (AP) - The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential data safe from prying eyes, according to published reports Thursday based on internal government documents.
The NSA has bypassed or altogether cracked much of the digital encryption used by businesses and everyday Web users, according to reports in the New York Times, Britain's Guardian newspaper and the news website ProPublica. The reports describe how the NSA invested billions of dollars since 2000 to make nearly everyone's secrets available for government consumption.
In doing so, the NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert "back doors" into their software, the reports said. Such a practice would give the government access to users' digital information before it was encrypted and sent over the Internet.
"For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," according to a 2010 briefing document about the NSA's ...Security experts told the news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers
...One document said GCHQ had been trying for years to exploit traffic from companies like Google, Yahoo, Microsoft and Facebook.
(Excerpt) Read more at theintelligencer.net ...
write in pig-latin THEN encrypt it
Put an islamic prayer at the top and they’ll ignore it.
“Security experts told the news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers”
Yep. If facebook, google, etc have installed backdoors for the NSA to use to get around encryption, then it is only a matter of time before hackers find those backdoors too.
Breaks or were given?
or a picture of Odumbo as a jpg...
‘Most Codes’?.......I wanna know which ones they didn’t break!.............
If it comes out that major Class 1 certificate authorities are compromised, the list of root CAs is going to shrink real quick.
Sadly, because Microsoft is considered a root CA for some things, I doubt we’ll see it happen or hear about it.
This is bad news all around.
Breaks or were given?
Google uses a combination of shady but legal tax dodge strategies (double Irish, routing all sales through subsidiaries in countries with no corporate taxation .. etc.) to legally avoid paying taxes in the USA ... many companies have been hounded into paying those taxes although they used the very same strategies... I’m not implying anything here but this makes me go HMMMMM...
Good for Google. Their purpose is make money for their shareholders, not support idiotic government redistribution schemes.
Mention you’re an illegal alien in all your emails and electronic correspondence and government will send you tax paid prizes, gifts and a list of laws you can completely ignore.
The one unbreakable code is one-time pad. Some privately made, unpublished audio CD might suffice for the pad (using a new segment of it each time) for a whole lot of messages.
It may turn out that domains with a self-signed certificate are the most secure of all...
Check out this article by Bruce Schneier.
I wouldn’t begrudge it to Google either. But to see the law bent to favor Google over other companies is disappointing.
So what's to stop these guys from profiting from this stolen data?
How do we ever rid ourselves of this beast?
Well, setting up a certificate authority on a virtual Ubuntu server and hosting your own internal CA is not incredibly difficult for someone willing to read a how-to or wiki.
PKI will go in the crapper if it comes out that public CAs are compromised. We’ll all need to start using symmetric cryptography, but then how do we verify communications without sharing the key or a cert?
am hay ot nay