The National Security Agency boasts the ability to compromise computer protocols meant to encrypt private internet data, leaked documents have revealed. But the NSA has fallen short of totally winning its war against crypto.
Classified NSA files taken by former contractor Edward Snowden and published for the first time by Der Spiegel on Sunday reveal that, while the United States’ intelligence agency is indeed adept at cracking encryption, its efforts are no match when it comes to some of the more popular protocols used to keep communications private.
The NSA – along with its Five Eyes partners in Canada, New Zealand, Australia, and the UK – spends millions of dollars annually to break encryption standards used to keep the web secure, Spiegel reported over the weekend. Yet while previous files published from the Snowden trove have already exposed to a degree the scope of the NSA’s efforts, the latest installment acknowledges for the first time that protocols including TSL/SSL, SSH, PPTP and Ipsec are exploited in order to give spies an intimate look at internet traffic intended to be kept secret.
Released concurrently with a presentation given at the 31st annual Chaos Communication Congress in Hamburg, Germany by two of the article’s authors, the Spiegel piece explains that the NSA and its allies use a plethora of practices to compromise computer protocols, random number generators, and third-party software advertised as being supposedly secure in an effort to gather intelligence on alleged terrorists.
“Did you know that ubiquitous encryption on the Internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?” reads an excerpt from one of dozens of classified government documents published by the German paper.
Read the entire article