SSL

How Intelligence Agencies NSA & GCHQ Defeated Web Privacy & Security

November 21, 2014 | By Editor 

Summary

Intelligence agencies National Security Agency (NSA) and Government Communications Headquarters (GCHQ) unlocked encryption used to secure mails, medical, and banking records.

A $250-million-a-year U.S. program, it works under the radar with tech firms to insert weak points into software products and services. Many security experts have opined that this program will undermine the fragile fabric of the Web.

NSA & GCHQ

How Did NSA and GCHQ Succeed?

  • The U.S. and British spy agencies have succeeded in breaking much of the online encryption through covert partnerships with tech firms.
  • Relied upon by millions of people to safeguard the privacy of their personal information, mails, and financial transactions, encryption software was fed with secrets flaws.
  • This action has compromised the assurance Internet firms gave their customers that their communications, medical, and financial records were indecipherable to anyone.
  • The methods used in the systemic assault on global encryption include
    Control over the setting of international encryption standards,
    Use of super computers to break encryption, and
    Collaborate with tech firms and Web service providers to insert vulnerabilities (backdoors or trapdoors) into commercial encryption software.
  • After 10 years of continuous assault on encryption technologies, NSA finally made a breakthrough in 2010 and collected huge amounts of data via Internet cable taps.
  • GCHQ has been working to develop methods into encrypted traffic on the four major service providers, Google, Facebook, Hotmail, and Yahoo.
  • The spy agencies argue that the ability to thwart encryption is important to their primary missions of foreign intel gathering and counter terrorism.
  • But security experts accuse the agencies of attacking the Web itself and the privacy of all users.
  • Since cryptography forms the basis for online trust, undermining online security is a short-sighted effort to snoop.
  • For the past 10 years, NSA has been aggressively trying to break widely used Web encryption technologies. Huge amounts of encrypted Web data that have up till now been discarded are exploitable now.
  • The breakthrough achieved by NSA allowed spy agencies to monitor large amounts of data that flow through global fiber-optic cables and break its encryption.
  • This did not sit well with Web users since Internet firms have assured that this information was beyond the reach of criminals and government.
  • To capitalize this opportunity, major new processing systems, tasking and Signals Development (SIGDEV) efforts must be put in place.
  • The program actively engages U.S. and foreign IT industries to secretly influence or openly leverage their commercial products and services design.
  • Wedging vulnerabilities into commercial encryption systems will the make the system exploitable.
  • The program also aims to make commercial encryption software easily tractable to NSA by shaping the global marketplace and cracking into encryption by 4G smartphones.
  • However, tech firms maintain that they will work intel agencies only when legally warranted to do so. There were allegations that Microsoft worked with NSA to circumvent encryption on its mail and chat services.
  • NSA has successfully achieved its goals to influence the international standards on which encryption relies and to insert flaws into security standards.
  • The codeword for NSA’s decryption program is Bullrun and its British counterpart’s Edgehill.
  • The agencies are now capable to defeat widely used online security protocols such as Secure Socket Layer (SSL), voice-over-IP (VoIP), and HTTPS.
  • However, the agencies are yet to crack all encryption technologies. Security experts say that if crypto systems are strongly enforced, encryption will work.
  • The agencies were supposed to be very choosy about the contractors that are privy to this information but it was seen by Edward Snowden.
  • One of the 850,000 people in the United States with top-secret clearance, Snowden took the world by shock with revelations about NSA and GCHQ’s spying activities.
  • GCHQ had warned that such revelations will have significant impact on the industry relationships.
  • Loss of confidence leads to the inability to follow confidential agreements subsequently leading to loss of access to proprietary information.
  • GCHQ said that some exploitable products are used by public and some exploitable flaws are well known (for example, poorly chosen passwords). Exploiting these products and scaling their capabilities will only raise public awareness, justified the British intel.
  • The decryption effort was important to GCHQ because its Tempora program, which placed direct tabs on transatlantic fiber-optic cables of leading telecoms, was in jeopardy.
  • As more and more Internet firms started encrypting their traffic, responding to customer demands for security and privacy, GCHQ was forced to find a way thwart this.

Conclusion

An encryption system with a legal tapdoor results in huge loss of communications confidentiality as opposed to a system that has no access to unencrypted communications of its users.

However, the debate about whether the actions of the government to weaken the most powerful encryption tools will protect users’ privacy or do just the opposite is still a question mark.

Wildcardssl

Posted in SSL

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory