LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (http://www.linuxquestions.org/questions/general-10/)
-   -   NSA has circumvented much of internet encryption (http://www.linuxquestions.org/questions/general-10/nsa-has-circumvented-much-of-internet-encryption-4175476133/)

H_TeXMeX_H 09-06-2013 04:28 AM

NSA has circumvented much of internet encryption
 
http://yro.slashdot.org/story/13/09/...net-encryption
Quote:

"The New York Times is reporting that the NSA has 'has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show. ... The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.'"
So, basically, what they have:
1) Supercomputers designed specifically for breaking encryption.
2) Backdoors into company computers and company products.
3) Backdoors or at least weaknesses introduced into cryptography schemes, to make them more or completely crackable at least by them.
4) Rootkits that can read data before it is encrypted / after it is decrypted.
5) Collaboration with major internet companies (you probably already know them).
6) The ability to obtain (legally and otherwise) master encryption keys if companies are unwilling to cooperate.
7) Influence the development of hardware designed for encryption by adding a backdoor or weakness.
8) Its most intense efforts are focused on SSL, VPN, and 4G.
And there are these notes:
Quote:

A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".
...
"Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive." The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.
...
Analysts were instructed: "Do not ask about or speculate on sources or methods underpinning Bullrun." This informaton was so closely guarded, according to one document, that even those with access to aspects of the program were warned: "There will be no 'need to know'."
http://www.theguardian.com/world/201...codes-security

Having said that, it's pretty clear that they see all, they know all. Now, this is their job, but you wonder if all these techniques cannot backfire. The articles also mention this. I mean why can't other people use the backdoors ? Just because they might not know about them ? I would say a full investigation may be a good idea, as their methods may not be 100% towards "national security" as they claim.

brianL 09-06-2013 05:57 AM

Bullrun and Edgehill: both battles in civil wars. Indicates that THEY regard all of US, not only potential terrorists, as the enemy.

tangle 09-06-2013 11:39 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 5022900)
http://yro.slashdot.org/story/13/09/...net-encryption
Now, this is their job, but you wonder if all these techniques cannot backfire.

Actually without a warrant it is illegal when it comes to citizens of the US. The 4th Amendment states,

[QUOTE]"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."[/CODE]

So for them to collect data like that is illegal. They are criminals plain and simple. The only way it can backfire is if the American people actually took the Constitution (the law) seriously and demanded justice.

H_TeXMeX_H 09-06-2013 12:16 PM

What about the patriot act (section 215):
http://it.slashdot.org/story/13/09/0...-on-nsa-spying
https://threatpost.com/government-to...illance/102177

How can the American people fight what they have created ? It's too late. Fight now and you will be sent to Guantanamo with the rest.

tangle 09-06-2013 12:25 PM

The Constitution is the law of the land. They only way to change it is to Ammend it. The Patriot Act as a whole is illegal because it violates the Constitution. There are checks and balances formed when the country was formed. In the Constitution, there is a check for a tyrannical government. In no way did the founders of this country ever intend for us to live under a tyrannical government.

Here is a quote from the Delcaration of Independence that you might find interesting. Notice how Thomas Jefferson used the words right and duty.

Quote:

But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security.

LarryLQ 09-06-2013 12:32 PM

So I guess https, SSL, gpg and ssh tunneling is useless in today's world...

It seems that NSA is above the law. Hell, they have violated court orders on collecting data on American citizens. It's not right for them to treat American citizens as domestic terrorists.

H_TeXMeX_H 09-06-2013 01:31 PM

Quote:

Originally Posted by LarryLQ (Post 5023143)
So I guess https, SSL, gpg and ssh tunneling is useless in today's world...

It seems that NSA is above the law. Hell, they have violated court orders on collecting data on American citizens. It's not right for them to treat American citizens as domestic terrorists.

I wouldn't say useless, but certainly not safe from the NSA.

Quote:

Originally Posted by tangle (Post 5023137)
Here is a quote from the Delcaration of Independence that you might find interesting. Notice how Thomas Jefferson used the words right and duty.

Yeah, he too would be in Guantanamo if here were alive today.

kooru 09-07-2013 02:49 AM

So to be totally anonymous and safe, the only solution is no connection in internet.

dugan 09-07-2013 04:16 AM

I think the "totally anonymous and safe" part might be a stretch. Internet traffic is only one of the communications channels that the NSA is (supposed to be) monitoring.

Also, I don't know what "terrorists" this is meant to catch, because Bin Laden was communicating exclusively via hand-couriered letters.

H_TeXMeX_H 09-07-2013 08:59 AM

New Jersey Congressman Seeks To Bar NSA Backdoors In Encryption
http://politics.slashdot.org/story/1...-in-encryption

H_TeXMeX_H 09-08-2013 02:53 AM

John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC
http://linux.slashdot.org/story/13/0...rypto-in-ipsec
Quote:

"In a recent article posted on the cryptography mailing list, long time civil libertarian and free software entrepreneur John Gilmore has analyzed possible NSA obstruction of cryptography in IPSEC. He suggests that packet processing in the Linux kernel had been obstructed by one kernel developer. Gilmore suggests that the NSA has been plotting against strong cryptography on mobile phones."

tangle 09-08-2013 10:05 AM

Is it still safe to use SSH and AES?

H_TeXMeX_H 09-08-2013 10:25 AM

AES was developed with the "help" of the NSA, so you won't find me going anywhere near it.

tangle 09-08-2013 10:28 AM

Is there a list of encryption algorithms that have been compromised?

H_TeXMeX_H 09-08-2013 10:51 AM

NSA Can Spy On Data From Smart Phones, Including Blackberry
http://yro.slashdot.org/story/13/09/...ing-blackberry

As for encryption algorithms that have been compromised, you need to look at each one.

Personally, I would look for ones that have not been compromised, but that have been thoroughly used and analyzed. And, of course, not developed with the "help" of the NSA. I currently recommend twofish, but that's not to say that the NSA can't crack it.


All times are GMT -5. The time now is 10:57 PM.