Snowden shed light on the situation with hacking cryptography. Everything is bad

A fresh batch of classified documents from Edward Snowden makes it clear how the US National Security Agency manages to circumvent the cryptographic protection of Internet communications.

At once in three editions ( The Guardian , The New York Times and ProPublica ) excerpts from the NSA secret budget were posted, according to which since 2000, when encryption tools were massively introduced, US intelligence agencies have spent billions of dollars on breaking cryptography as part of the Bullrun secret program (named after the first major battle of the American Civil War on July 21, 1861 near Manassas, Virginia).

The Agency’s activities were not limited to the scientific research of algorithms and the construction of data centers for breaking communications using key search. It turned out that the Agency has long and successfully been working with IT companies on embedding bookmarks for US special services in their products, and is also working to detect vulnerabilities in encryption mechanisms and to deliberately weaken international data protection algorithms (an unnamed international encryption standard adopted by the International standardization organization in 2006). Only embedding backdoors in popular commercial products, as part of the program Sigint annually spent $ 250 million.

According to the documents, the greatest efforts are made to crack the SSL protocol , which ensures the security of most communications on the modern Internet. VPN and 4G security technologies are also among the priority areas. The NSA maintains an internal database of encryption keys to instantly decrypt connections. If the necessary keys are not found, then the request goes to a special “Recovery Service”, which tries to get it in various ways.

Multiple Published Documents
image

image

image

Together with the NSA, GCHQ (Government Communications Headquarters, the Center for Government Communications) participated in the program , the British intelligence agency responsible for electronic intelligence and information security for government agencies. According to The Guardian, for three years she has been developing ways to crack encrypted data passing through Hotmail, Google, Yahoo and Facebook. According to documents, by 2012 GCHQ had developed “new access features” to Google systems.

According to The New York Times, documents received from Snowden indicate that the NSA considers the ability to decrypt information one of its priorities and "competes in this area with the special services of China, Russia and other countries." “In the future, superpowers will appear and decline, depending on how strong their cryptanalytic programs are. This is the price that the United States must pay in order to maintain unlimited access to the use of cyberspace, ”the newspaper quoted the NSA as a 2007 document.

The NSA’s full capabilities in decryption are known only to a limited number of organizations, the so-called Five Eye: the NSA and their colleagues in the UK, Canada, Australia and New Zealand.

Recently, more and more large companies have begun to switch to special hardware solutions for organizing VPN and cryptography, so for 2013 the NSA planned to either integrate a hardware backdoor into encryption chips through the manufacturer, or to detect and secretly use existing vulnerabilities in the implementation. What exactly is happening now is unknown, because Snowden's documents have been around for several years.

Well-known cryptography specialist Bruce Schneier expressed the opinion in The Guardian that “the US government has betrayed the Internet” and has already published its recommendations on how to (try) to avoid NSA surveillance.