NSA Cracked Most Online Encryption

Discussion in 'General Discussion' started by tulianr, Sep 6, 2013.

  1. tulianr

    tulianr Don Quixote de la Monkey

    WASHINGTON -- The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential data safe from prying eyes, according to published reports based on internal U.S. government documents.

    The NSA has bypassed or altogether cracked much of the digital encryption used by businesses and everyday Web users, according to reports Thursday in The New York Times, Britain's Guardian newspaper and the nonprofit news website ProPublica. The reports describe how the NSA invested billions of dollars since 2000 to make nearly everyone's secrets available for government consumption.

    In doing so, the NSA built powerful supercomputers to break encryption codes and partnered with unnamed technology companies to insert "back doors" into their software, the reports said. Such a practice would give the government access to users' digital information before it was encrypted and sent over the Internet.

    "For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," according to a 2010 briefing document about the NSA's accomplishments meant for its UK counterpart, Government Communications Headquarters, or GCHQ. Security experts told the news organizations such a code-breaking practice would ultimately undermine Internet security and leave everyday Web users vulnerable to hackers.


    Thursday's reports described how some of the NSA's "most intensive efforts" focused on Secure Sockets Layer, a type of encryption widely used on the Web by online retailers and corporate networks to secure their Internet traffic. One document said GCHQ had been trying for years to exploit traffic from popular companies like Google, Yahoo, Microsoft and Facebook.

    GCHQ, they said, developed "new access opportunities" into Google's computers by 2012 but said the newly released documents didn't elaborate on how extensive the project was or what kind of data it could access.


    The operator of Lavabit LLC, Ladar Levison, suspended operations of the encrypted mail service in August, citing a pending "fight in the 4th (U.S.) Circuit Court of Appeals." Levison did not explain the pressures that forced him to shut the firm down but added that "a favorable decision would allow me to resurrect Lavabit as an American company."

    The government asked the news organizations not to publish their stories, saying foreign enemies would switch to new forms of communication and make it harder for the NSA to break. The organizations removed some specific details but still published the story, they said, because of the "value of a public debate regarding government actions that weaken the most powerful tools for protecting the privacy of Americans and others."

    Such tensions between government officials and journalists, while not new, have become more apparent since Snowden's leaks. Last month, Guardian editor Alan Rusbridger said that British government officials came by his newspaper's London offices to destroy hard drives containing leaked information. "You've had your debate," one UK official told him. "There's no need to write any more."

    Report: NSA Cracked Most Online Encryption | Military.com
    Mindgrinder and stg58 like this.
  2. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    I need to learn how to code. I wonder how hard it would be to up the bit-count possible in open-source software that generates keys to something like 131072 instead of 1024 or 2048. Can't export it? That's fine, it's not for export, it's to keep your damned hands off my data!
    kellory likes this.
  3. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    I would get the GPG Source Code and see if you could expand that Key Generators Key Length.... The rest of the work is already done, and due to it being Open Source, and well Documented, and inspected, by Real Crypto Gurus, you can be sure there are NO NSA BackDoors in the Code......
    Brokor and VisuTrac like this.
  4. DarkLight

    DarkLight Live Long and Prosper - On Hiatus

    @BTPost - That's what I had originally thought. It can't be that hard to do (and I kind of assumed it could be done when I wrote books 2 and 3...that's basically what the comms geek did).
  5. VisuTrac

    VisuTrac Ваша мать носит военные ботинки Site Supporter+++

    Just communicate using the MonkeyNet OnePad.
    But that will probably get you on a list because they won't be able to crack it.
  6. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    True enough.... Especially, If it is a Phrase PAD......
    VisuTrac likes this.
  7. stg58

    stg58 Monkey+++ Founding Member

    I knew holding on to the old Enigma machines was a good idea:)

    kellory likes this.
  8. tulianr

    tulianr Don Quixote de la Monkey

    Yeah. The Germans thought their Enigma encryption was unbreakable. They were mistaken. The Japanese, similarly, thought their diplomatic code was unbreakable. They too were mistaken. If the technology exists to encrypt it, the technology will eventually exist to break it.

    The US Navy learned in 1985 that the Soviet Union had been reading their most secret message traffic for the past twenty years, thanks to information provided to the Soviets by Warrant Officer John Walker, and the encryption devices removed from the USS Pueblo. America's arch enemy of the Cold War knew the location and plans of our forward deployed forces, including our submarines, for almost two decades. Had the Cold War ever heated up, the American Navy would have been in for some ugly surprises.

    Technology is a wonderful thing, but it can turn out to be a vicious trap if we rely on it too completely.
    VisuTrac and kellory like this.
  9. Minuteman

    Minuteman Chaplain Moderator Founding Member

    I just recieved this today and thought it was an interesting take on this. By the way, I highly recommend this newsletter for anyone serious about freedom.MM

    September 6, 2013

    "At what point do we just start calling these guys the Stasi," asked a friend of mine over coffee today.

    He was, of course, referring to the latest news out of the Guardian-- the same British paper that published Edward Snowden's original whistleblowing interview.

    First the world learning that the NSA's PRISM program monitors almost ALL Internet traffic, worldwide. Now the Guardian reports that the NSA and its British counterpart GCHQ have 'cracked codes' across the Internet that were once thought uncrackable.

    Dropbox, for example, is a popular file storage and sharing tool that allows users to upload Gigabytes worth of files to their servers. And they claim that their security protocols encrypt the file transfers from end to end.

    (Of course, Dropbox's privacy policy also states very plainly that they will happily give up your data to any law enforcement agency that comes asking for it...)

    But the NSA claims to have cracked HTTPS and Secure Socket Layer protocols which encrypt digital communications.

    And of course, it's been leaked that Microsoft is firmly in bed with the NSA, providing the agency with backdoor access to users of Microsoft Outlook.

    Perhaps this is what Lavabit CEO Ladar Levison meant when he said, "If you knew what I knew about e-mail, you might not use it."

    (Lavabit was a secure email provider that recently shut itself down rather than "become complicit in crimes against the American people.")

    I have to tell you, though, I'm deeply suspicious some of the NSA's assertions.

    They seem to be claiming that they have cracked nearly everything, and that they have backdoor access to privacy software. But this is practically impossible.

    A lot of encryption software used today is actually 'open source'. This means that the software code is freely available to anyone.

    GNU Privacy Guard (GPG) is a great example. GPG is an open-source, free alternative version of Phil Zimmerman's original PGP software. And it's widely used to encrypt files and emails.

    But because GPG is open-source, the software code is available for anyone to view, inspect, and modify. If there were any backdoor access for the NSA, thousands of people would see this.

    Not to mention, to penetrate a single 2048-bit encryption key can take anywhere from thousands of years to tens of millions of years, even with the fastest supercomputers.

    Consequently, it's IMPOSSIBLE for the NSA to have cracked everything. And my assessment is that this is an intimidation campaign.

    The NSA wants people to think that they have this capability.

    And if everyone thinks that the NSA is Big Brother's Big Brother, all-seeing and all-knowing, then not only will everyone be terrified, but everyone will simply stop using encryption.

    After all, why bother going through the hassle of encrypting/decrypting if the NSA can still read the contents of your email?

    It's in the NSA's interest for people to think that the agency is almighty. I don't buy it. These people are seriously vile. But they don't have superpowers.

    When done properly, email encryption is still a good option. And there are a number of open-source tools out there to consider using.

    You can read about several of them in our free report-- How to Give the NSA the Finger. And for members of our premium service, Sovereign Man: Confidential, you'll soon receive a step-by-step guide specifically for email encryption. More to follow on this.

    Have a great weekend.
    Simon Black
    Senior Editor, SovereignMan.com
    kellory and BTPost like this.
  10. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    The exact "Point" that I have made here on the Monkey, before..... GPG so as as I have been able to determine, has NO BackDoors, and the Encryption Algorithms used are as Solid as any on the Planet. Brute force Cracking a 2048bit KeySet is, so far, a very LONG (Years) and tedious task, even for our Letters Outfits.
survivalmonkey SSL seal        survivalmonkey.com warrant canary