NSA cracks SSL, HTTPS, VPNs, and 4G wireless connections, according to report

Nsa-spying

The days of thinking your privacy is safeguarded on the Internet are long gone, so don’t ever believe for one moment that you’re protected, because it is only an illusion at this point. According to a report from the New York Times, the US National Security Agency (NSA) — along with UK’s Government Communications Headquarters (GCHQ) — is highly capable of cracking any encryption used on the web to protect sensitive data such as your regular instant messenger messages, emails, medical records, and web searches.

We understand the NSA would force ISPs and other companies to create a backdoor or give up encryption keys to allow the agency to gain access to user sensitive data without a hitch. If that didn’t work, they would use other means such as forcing their way into networks. This is scary stuff; gone are the days when Internet users could feel safe within themselves when watching online porn or people making a fool of themselves on YouTube.

Aside from that, the NSA invested billions into supercomputers that are able to literally crack the encryption codes they couldn’t get via other ways. More specifically, it is said the NSA researched heavily into cracking SSL/HTTPS, VPNs, and encryption used in 4G wireless data connections. There is no indication that NSA has yet found a master key to break all SSL/HTTPS/VPN/4G/etc. connections but rather that they have the capability to crack individual encryption keys/codes as needed.

The ability to crack protected data was a closely guarded NSA secret, which was restricted to employees with high-level access to a program only known as Bullrun. Over the many years of the past, users of the Internet believed their data was safeguarded by their ISP, however, as you have come to find out, this is not the case and the NSA wanted to keep you from figuring this out.

It worked for a while, but as the saying goes, “what’s in the dark will come to light.” Furthermore, the NSA wasn’t just using its toys to against the enemy as American citizens and other folks across the world have found themselves under the radar for reasons unknown.

The National Surveillance Agency’s ability to crack sensitive information comes as no surprise, as according to recent reports, $11 billion was recently spent on bolstering the ability to spy on encrypted messages from priority targets around the globe. This was part of a $52 billion black budget the government used to fund its surveillance capability, among other things.

At the moment, a future without privacy is looking ever so likely. I guess the time has come to form the resistance — or maybe not since the resistance would probably not have Internet so we can stare seductively at Jenna Jameson.

Hit up the New York Times via link below to read the full, in-depth story.

[via New York Times, image via US Humor]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

8 comments

  1. Darcy

    [@Ashraf] Though you must admit, at the rate that debt is climbing the interest keeps getting higher too. That is a drain on the economy. According to this repost from March 2012, the national debt exceeds the entire national Gross Domestic Product. http://www.cbsnews.com/8301-503544_162-57400369-503544/national-debt-has-increased-more-under-obama-than-under-bush/

    However when I looked that up, I did find a surprise. Per both Reuters and ABC news, as of April 2013, the US has committed to paying the debt down by $35 million in Q2. http://www.thefiscaltimes.com/Articles/2013/04/30/US-to-Pay-Down-35-Billion-in-National-Debt-in-Q2#page1 Since it went up $4.939 trillion during Obama’s term right up to March 2012, that’s a minor amount.

  2. Ashraf
    Mr. Boss

    [@Bub] You are right, I do think you are splitting hairs. While I disagree with your notation regarding the headline, you do make a valid point that readers should know that the underlying logic between SSL/HTTPS is not broken. That is why I updated the article yesterday, after replying to you, with the following:

    “There is no indication that NSA has yet found a master key to break all SSL/HTTPS/VPN/4G/etc. connections but rather that they have the capability to crack individual encryption keys/codes as needed.”

    Thanks for keeping us honest.

  3. Bub

    [@Ashraf]
    The BBC headline is provocative, but also does not claim that HTTPS/SSL specifically has been cracked. The NYT article does indicate that some VPNs and 4G networks have been cracked, which is sufficient to justify the BBC headline. Rather flimsy evidence upon which to rest your case.

    And the quotes you provided from the original article are consistent with what I said, “that they have been trying really hard to do so, but not that they have succeeded.”

    I’m not sure what distinction you make between the words “crack” and “break”. To me, in this context, they are synonymous. If your definition of “crack” is a not-necessarily-successful attempt, then your conception is accurate, if not your use of language.

    You may think that I’m splitting hairs, but I think it’s important for readers to understand that to the best of anybody’s knowledge, the mathematical algorithm behind SSL/HTTPS is still as secure as it ever was, and would require more computing power than exists even at the NSA’s disposal to truly crack. NSA’s methods of circumventing it (attacking the endpoints, acquiring private keys) are valid concerns, but nothing new, except perhaps in their use by the government, and the scope of application.

    I understand that headlines are meant to get people to read the rest of the article, but they shouldn’t mislead people who don’t. For examples of headlines that are more accurate, you can look at most of the media coverage, including the BBC and NYT headlines. If you want to be more specific about protocols, you can say something like “Security of HTTPS, VPN, 4G Communications Compromised under NSA Attack.”

  4. Ashraf
    Mr. Boss

    [@Bub] This is from the NYT article:

    “The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes […]”

    “Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. […]”

    Put two and two together, and I find the headline to be fine. The headline didn’t say NSA broke SSL/HTTPS/etc. connections — it says NSA cracks them, which is true as far as I’m considered.

    I’m not sure what you want the headline to be. Headlines are intended to be just that — headlines. They are meant to get people to read the whole article.

    If you think you can do a better job, please go ahead.

  5. Bub

    Sensationalist headlines are fun, but please try to keep them accurate. nowhere in the report does it say that the NSA has cracked HTTPS/SSL. It says that they’ve been trying really hard to do so, but not that they have succeeded. It says that they have gotten some providers to hand over their private keys (which does circumvent the standard). And it says that where they can’t get the keys, they attack the endpoints, after or before the data is decrypted or encrypted – just like any other hacker would do.

    The article mentions that the NSA deliberately introduced a flaw into an encryption standard. It does not mention that the standard in question, Dual_EC_DRBG, is not widely used.

    It also says that “Properly implemented strong crypto systems are one of the few things that you can rely on.”

    For a less alarmist and more balanced take on what actually has happened, take a look here: http://www.technologyreview.com/news/519171/nsa-leak-leaves-crypto-math-intact-but-highlights-known-workarounds/