NSA Breaks Most Codes (Digital Encryption Used by Business)
Posted on 09/06/2013 10:32:48 AM PDT by Red Steel
Private encryption systems cracked or bypassed by agency
WASHINGTON (AP) - The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential data safe from prying eyes, according to published reports Thursday based on internal government documents.
The NSA has bypassed or altogether cracked much of the digital encryption used by businesses and everyday Web users, according to reports in the New York Times, Britain's Guardian newspaper and the news website ProPublica. The reports describe how the NSA invested billions of dollars since 2000 to make nearly everyone's secrets available for government consumption.
In doing so, the NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert "back doors" into their software, the reports said. Such a practice would give the government access to users' digital information before it was encrypted and sent over the Internet.
"For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," according to a 2010 briefing document about the NSA's ...Security experts told the news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers
...One document said GCHQ had been trying for years to exploit traffic from companies like Google, Yahoo, Microsoft and Facebook.
(Excerpt) Read more at theintelligencer.net ...
write in pig-latin THEN encrypt it
Put an islamic prayer at the top and they’ll ignore it.
“Security experts told the news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers”
Yep. If Facebook, Google, etc. have installed backdoors for the NSA to use to get around encryption, then it is only a matter of time before hackers find those backdoors too.
Breaks or were given?
or a picture of Odumbo as a jpg...
‘Most Codes’?.......I wanna know which ones they didn’t break!.............
If it comes out that major Class 1 certificate authorities are compromised, the list of root CAs is going to shrink real quick.
Sadly, because Microsoft is considered a root CA for some things, I doubt we’ll see it happen or hear about it.
This is bad news all around.
Breaks or were given?
Google uses a combination of shady but legal tax dodge strategies (double Irish, routing all sales through subsidiaries in countries with no corporate taxation .. etc.) to legally avoid paying taxes in the USA ... many companies have been hounded into paying those taxes although they used the very same strategies... I’m not implying anything here but this makes me go HMMMMM...
Good for Google. Their purpose is to make money for their shareholders, not support idiotic government redistribution schemes.
Mention you’re an illegal alien in all your emails and electronic correspondence and government will send you tax paid prizes, gifts and a list of laws you can completely ignore.
The one unbreakable code is one-time pad. Some privately made, unpublished audio CD might suffice for the pad (using a new segment of it each time) for a whole lot of messages.
It may turn out that domains with a self-signed certificate are the most secure of all...
Check out this article by Bruce Schneier.
I wouldn’t begrudge it to Google either. But to see the law bent to favor Google over other companies is disappointing.
So what's to stop these guys from profiting from this stolen data?
How do we ever rid ourselves of this beast?
Well, setting up a certificate authority on a virtual Ubuntu server and hosting your own internal CA is not incredibly difficult for someone willing to read a how-to or wiki.
PKI will go in the crapper if it comes out that public CAs are compromised. We’ll all need to start using symmetric cryptography, but then how do we verify communications without sharing the key or a cert?
am hay ot nay
I bet they still can’t make sense of anything Lindsay Lohan says.
Unless the chips on the one time pad are compromised...
Actually, I’m old and simply don’t care any more.........Let ‘em come and get me, but I might be able to take out a couple of them first.
I grieve for my children and grandchildren, though.
It's only disappointing if you expect impartiality. Bending the law to favor one group over the other is what government is all about. Ethanol as a motor fuel (Bush), Solyndra (0bama), sugar import restrictions (Florida and other Gulf state Republicans and Democrats): all of these are massive distortions of the marketplace designed to favor one group at the expense of the average taxpayer. If you got rid of all of the marketplace distortions caused by government I suspect retail prices of everything would drop on average at least 15%.
The one unbreakable code is one-time pad.
If only it were that simple.
A perfect encryption system isn't going to be of much help, if a backdoor in your email program is secretly sending the plaintext.
GOP/RNC?! Hello? Is anyone there?! Hell, it’s not like they bothered w/ the Aug. town-hall meetings anywhere around here in Jax, FL either....
This is what they are supposed to do. The NSA was created out of the WWII codebreaking branches of the Army and Navy.
We need to invent a language and write everything backwards and then encrypt it
I always add PBUH (pi$$ be upon him)
well yes i am disappointed; i hope i never get so cynical that i dump the desire for true fairness (which as you suggest often means government just bowing out altogether) on the floor. government so often behaves like God went on vacation and needs them to staff the post!
We, the people must rise and cut government by 50 or 75 percent. Make it manageable once again. If we don’t we shall suffer the ills of our own self neglect.
The problem with one-time pads is distributing them. Both sender and receiver need to have copies. However, that's not an unsolvable problem.
Another issue with one-time pads is that the numbers in the pad must be genuinely random. If they are, in theory a one-time pad encryption is unbreakable.
Computers cannot generate genuinely random numbers. The best they can do is pseudorandom numbers. They look random, i.e., have the right distribution of digits, pairs, etc., and low correlation between different segments, but in fact they are created deterministically, and once the generating algorithm is known, the entire sequence can be replicated.
Genuinely random numbers can be generated by devices using phenomena such as radioactive decay. However, these are expensive and not readily available. (My son's doctoral dissertation was on generating random numbers by counting photons arriving on a two-dimensional array of detectors. Again, something not readily available.)
An alternative is to get numbers from a source such as a phone book. Go down the page, taking the last digit or pair of digits of each phone number in succession. Or use tables of economic or population data, such as the STATISTICAL ABSTRACT OF THE UNITED STATES. In that case don't use the last digit because it's been rounded. Take the next-to-last. I've tested these numbers, and they satisfy tests of randomness fairly well. Both sender and recipient must have copies of the same directory, and the recipient must know which page and column the numbers were taken from.
However, if "they" know what directory you used, they can crack the message by brute force, using a supercomputer to try all pages.
There are no really "easy" ways to generate one-time pads, but with some effort, they can be prepared and used with good assurance that the messages are secure.
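Added example, not part of the original thread: a one-time pad as the posts above describe it, with each pad segment consumed once, plus the two failure modes they raise (a reused segment, and a pad that comes from a deterministic generator). The class and function names and the sample messages are constructed for illustration, and drawing the pad from the operating system's random source is an assumption of this example.

```python
import random
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Shared pad; every byte is handed out once and never again."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # index of the next unused pad byte

    def crypt(self, data: bytes) -> bytes:
        # XOR is its own inverse, so the same call encrypts and decrypts.
        end = self._offset + len(data)
        if end > len(self._pad):
            raise ValueError("pad exhausted: refusing to reuse key material")
        segment, self._offset = self._pad[self._offset:end], end
        return xor(data, segment)


def seeded_pad(seed: int, n: int) -> bytes:
    """Pad from a deterministic generator: the seed reproduces all of it."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))


def demo() -> dict:
    m1, m2 = b"MEET AT DAWN", b"HOLD THE FORT"  # constructed sample messages
    pad = secrets.token_bytes(25)  # assumption: OS random source as the pad
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    c1, c2 = sender.crypt(m1), sender.crypt(m2)
    results = {"roundtrip": (receiver.crypt(c1), receiver.crypt(c2))}
    try:  # pad is now used up; a third message must be refused
        sender.crypt(b"X")
        results["refused_reuse"] = False
    except ValueError:
        results["refused_reuse"] = True
    # Reusing one segment for two messages cancels the pad out entirely:
    # the XOR of the ciphertexts equals the XOR of the plaintexts.
    seg = pad[:12]
    results["reuse_leaks"] = xor(xor(m1, seg), xor(m2, seg)) == xor(m1, m2)
    # A pad built from a known generator and seed can be rebuilt by anyone.
    c3 = xor(m1, seeded_pad(2013, len(m1)))
    results["seed_recovers"] = xor(c3, seeded_pad(2013, len(m1)))
    return results
```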
It will not occur until God is seriously exalted again. Government has usurped powers of a god and that’s powered from infernal regions.
The bright side is that it’s likely any gospel effort that succeeds in this milieu is going to be a more stunning revival than the country has seen since its founding. God is up to the task. Are we willing to, as I may seem to oversimplify, give that Lion of Judah another big hug and a cheer? Maybe 95% of the battle here is cutting through the spiritual lies which claim that this won’t do any good. If everyone knew how well exalting the Lord reaps power, they’d be doing it all day for the joy of what happens. A rough battle... with stunning victories over and over.
In addition to the damage they've done directly by weakening Internet security, they've done a huge amount of indirect economic damage -- nobody will be able to trust any American-sourced security products (unless they're fully open-sourced) for a long time, if ever. That is going to cost the tech sector billions of dollars.
We know that some of them have been cyberstalking their romantic interests; it would be very surprising indeed if they haven't been using the same techniques to get insider investment information or maybe even steal outright (well, other than the stealing from the taxpayers we already know about).
It's possible to avoid the single-point-of-failure problem by using a web-of-trust model (i.e. people sign each other's keys, and each user decides whose signatures to trust).
Thanks for that link. Schneier is usually good.
After all, if you find yourself facing a 100-ton steel door behind which is what you want, what do you do? You could try to drill through. But that would take a lot of time and attract attention. A better way would be to sneak in to the back wall via the sewer tunnels over the Bastille Day holiday. Take your time drilling the safe deposit boxes one at a time. Weld the steel door shut from the inside. And leave your trash behind.
It's likely the NSA has not found a way through the steel door, but has been quite successful with other attacks over, under, behind, and around it, not to mention simply persuading (leaning on?) the bank officials to open it for them.
I personally use StartSSL, which is a web-of-trust CA, and I agree that’s a better route. The problem as I see it, however, is that if even one of those providers is compromised, we have no way of knowing and the trust becomes problematic.
Yep. This article describes some of the actual and potential damage done to the US economy and tech base.
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
NOTE!!! I have lost my hard drive, if you joined this list after 7/10/13 please remind me to get back on. All changes after then have gone away, including, sadly, some nifty graphics. *sigh*
It is a crude system, good luck to ‘em with that lot.
NOTE!!! I have lost my hard drive,...
Does that deserve its own NJCT thread?
Does that deserve its own NJCT thread?
That's the exact thought I had. NJCPL operator loses hard drive, hmmm...???
Nahhh, just a hardware failure on an old drive. I knew it was coming, bought a 1TB USB back-up drive and backed everything up on 7/10, then didn’t have the wit to do daily backups afterwards...
Good article. You can be sure that the Russians, Chinese, etc. knew about these vulnerabilities long before they became public knowledge and already have their state-sponsored hackzorists working to get a foot in the door.
Probably has nothing to do with the fact that you poke the NSA with a sharp stick every day of the week :-)