Reports: NSA has compromised most internet encryption

The NSA and the GCHQ have compromised much encryption used on the internet through a potent mix of technological theft, spycraft, and collaboration with major technology companies, according to new reports. In a series of news articles that highlight how the code-breaking crypto-fiddling agencies NSA and GCHQ are doing their …


This topic is closed for new posts.


    1. Anonymous Coward

      So, 1/5 of the CIA and NSA works with the invoicing of Al-Qaeda? Bit heavy on the back office, but, someone has to watch the people who watch the people who sign the payslips.

      ... or ... is it that Data Integrity Monster rearing its olde head, with all the BOFH's having full, untraceable, access and to become any user they need to be for fixing issues which are also sekret?

      BOFH-A narcs on some scheme run by BOFH-B which then retaliates by buying a kilo of Coke for BOFH-A using PHB's platinum AMEX-card on The Silk Road and enrolling BOFH-A's PFY in a few dubious mosques. But to cover the tracks it is necessary to update the secret personnel files of several PFY's, including one's own (who then smell a rat .... e.t.c.).

      PS: BOFH-A gets the coke and is happy, the purchase is traced to PHB but Kilos of Coke is the travel cash for covert operations so no warning is triggered.

    2. BillG

      When Obama said he was going to have the most transparent presidency in history, what he really meant was WE would be the ones that are transparent.

  1. Paul Crawford Silver badge

    Such a surprise?

    For those with a good range of metallic headgear, this should come as no big surprise. After all, few bank robberies actually break the safe door, they either get the keys (by bribery or coercion) or they go in via the walls that are weaker.

    It has long been known that the whole concept of SSL is fundamentally broken: compromise any one of the ~600 issuers and you can fake a certificate for man-in-the-middle attacks, and yet no one has seriously tried to fix this in spite of the occasional publicised attack.

    Similarly a lot of VPNs use only PPTP as it is MS's favoured option, though known to be also fundamentally broken w.r.t MITM attacks, etc.

    And with MS being on such good terms with the US gov it is hard to avoid the conclusion that they would work with three-lettered agencies to either allow direct access, or not to close useful holes unless the "bad guys" start using them. Why are the likes of skydrive (and Google's offerings) not client-side encrypted by default? Maybe laziness, maybe to help? Who knows, so adjust your hats accordingly...

    None of this means that encryption is not a good way of protecting your privacy, it is. But what it means is you cannot trust most of the current players that should be delivering it to be acting in the interest of you, the customer.

    1. btrower

      Re: Such a surprise?

      Re "man-in-the-middle attacks, and yet no one has seriously tried to fix this"

      Really, why? I am not even a crypto expert and I know this whole system of trust is woefully broken in multiple ways. I might not be able to devise a fool-proof system, but I could surely devise one better than our current sorry system.

      1. Destroy All Monsters Silver badge

        Re: Such a surprise?

        > but I could surely devise one better than our current sorry system.

        Please feel free.

        1. tom dial Silver badge

          Re: Such a surprise?

          Face to face exchange of high bit count public keys. This has practical limitations for commerce, but beats trusting Diginotar.

    2. Eddy Ito

      Re: Such a surprise?

      "... acting in the interest of you, the customer."

      Somehow I feel the problem really hit its stride somewhere about the time 'you, the customer' became 'you, the product'.

    3. Charles 9

      Re: Such a surprise?

      There is reason to believe that there may be NO solution to the problem of Alice and Bob establishing trust with each other without help from a third party (whose trust cannot be guaranteed). Wasn't there a recent article that noted they had a similar trust problem with quantum encryption (which in turn prevented it from being provably secure)? And it may not be possible (or wise) for Alice and Bob to meet face to face.

    4. Steve the Cynic

      Re: Such a surprise?

      "It has long been known that the whole concept of SSL is fundamentally broken: compromise any one of the ~600 issuers and you can fake a certificate for man-in-the-middle attacks, and yet no one has seriously tried to fix this in spite of the occasional publicised attack."

      Not the *whole* concept. You can use SSL in a far less broken way, where you install the server's certificate locally and refuse to connect if the certificate visible to you matches the one you have. This has two main flaws:

      1. It is possible that the server has been compromised internally in some way that allows the real certificate to be used. For politically sensitive data, this is the critical flaw, assuming that the owner of the client machine is some sort of whistleblower, spy, or anti-dictatorial activist.

      2. The solution does not scale to the whole Internet - do you really have time to visit all those companies you do business with? Can you imagine the conversations you'd have with their receptionists?

      1. Paul Crawford Silver badge

        Re: Such a surprise?

        "Not the *whole* concept."

        No, not the certificate system at a basic level, but the fact there are so many signing authorities that are installed and trusted by default by most web browsers and their users.

        There is a need to, somehow, verify that certificates for a given domain are not duplicated or otherwise certified by another issuer and that any changes are flagged and investigated.

        However, this last part (which, for example, is the bit where SSH can reveal an attempted MITM attack or, more often, a re-installed server) is fundamentally broken with all non-paranoid geeks who just see a warning pop up and click "yes, whatever" to see more cat videos.
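An added example (not part of either comment above, and not code from any browser or SSH client) of the check this sub-thread describes: a locally stored certificate fingerprint is compared with the one a server presents, and a change for a known host is flagged and refused instead of silently accepted. `PinStore`, `may_connect` and the sample certificate bytes are hypothetical names and constructed values.

```python
import hashlib
import hmac
from enum import Enum


class PinResult(Enum):
    FIRST_SEEN = "first-seen"  # nothing stored yet; verify out of band before trusting
    MATCH = "match"            # byte-identical to the stored certificate
    CHANGED = "changed"        # different certificate for a known host: refuse


def fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 of the DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Hypothetical in-memory pin store keyed by (host, port)."""

    def __init__(self):
        self._pins = {}
        self.alerts = []  # (host, port, stored_fp, presented_fp) for each mismatch

    def install(self, host: str, port: int, der_cert: bytes) -> None:
        """Pin a certificate obtained out of band (the 'install it locally' step)."""
        self._pins[(host.lower(), port)] = fingerprint(der_cert)

    def check(self, host: str, port: int, der_cert: bytes) -> PinResult:
        key = (host.lower(), port)
        presented = fingerprint(der_cert)
        stored = self._pins.get(key)
        if stored is None:
            # SSH-style trust on first use: remember it, but report that it is new.
            self._pins[key] = presented
            return PinResult.FIRST_SEEN
        if hmac.compare_digest(stored, presented):
            return PinResult.MATCH
        # Never overwrite the pin automatically: a silent update is the
        # "yes, whatever" click in code form.
        self.alerts.append((key[0], key[1], stored, presented))
        return PinResult.CHANGED


def may_connect(result: PinResult, allow_first_use: bool = False) -> bool:
    """Connection policy: only a match passes unless first use is explicitly allowed."""
    if result is PinResult.MATCH:
        return True
    return result is PinResult.FIRST_SEEN and allow_first_use


# Constructed stand-ins for DER bytes. In a live client the bytes would come from
# ssl.SSLSocket.getpeercert(binary_form=True) after the handshake.
CERT_FROM_USUAL_ISSUER = b"constructed: CN=shop.example.test, issuer=CA-one"
CERT_FROM_OTHER_ISSUER = b"constructed: CN=shop.example.test, issuer=CA-two"


def demo():
    store = PinStore()
    store.install("shop.example.test", 443, CERT_FROM_USUAL_ISSUER)
    same = store.check("Shop.Example.Test", 443, CERT_FROM_USUAL_ISSUER)
    swapped = store.check("shop.example.test", 443, CERT_FROM_OTHER_ISSUER)
    unknown = store.check("new.example.test", 443, CERT_FROM_OTHER_ISSUER)
    return same, swapped, unknown, len(store.alerts)


if __name__ == "__main__":
    for outcome in demo()[:3]:
        print(outcome.value, "-> connect" if may_connect(outcome) else "-> refuse")
```

A certificate for the same name signed by a different issuer still has different bytes, so it lands in `CHANGED` even though default CA validation would accept it; a server whose real key is used by someone else is not detected by this check.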

    5. dajames

      Re: Such a surprise?

      It has long been known that the whole concept of SSL is fundamentally broken:

      SSL itself isn't broken at all ... SSL lets you say "Because Alice trusts Trent, and Trent tells her that such-and-such a certificate really does contain Bob's public key, Alice is able to use that key to communicate with Bob with confidence".

      That's perfectly true, as far as it goes. SSL allows Alice and Bob to communicate with confidence in the security of their communications because they both trust Trent. The system falls down if Trent proves unworthy of that trust, or if Trent's key has been subverted by Mallory who doesn't have Alice's or Bob's interests at heart, or if Alice and Bob mistake Mallory for Trent and so inadvertently trust Mallory.

      What we're starting to learn is that we should pay more attention to the question of whom we should trust, and whom we should trust to tell us who they trust.

      1. Charles 9

        Re: Such a surprise?

        But that's the big problem. That you basically NEED a third party to vouch Alice to Bob and vice versa. Not even Quantum Encryption can seem to escape from that dilemma. Thing is, in this environment, if Alice can't trust Bob, what reason could they have to trust Trent, who to Alice is just another stranger? Especially if Alice is in a hostile environment where DTA is the rule of thumb.

  2. Dodgy Geezer Silver badge

    Ah well...

    ...back to the old-fashioned ways.

    A one-time pad and my own implementation of Blowfish. And keys sent by couriers are split into at least three parts. Roll on quantum cryptography.....

    1. Don Jefe

      Re: Ah well...

      Psssht. You're going to have to do better than that. Technology is not the answer you're looking for. I've hired two attorneys away from the White House who will be writing all my future communications.

      I will use the governments own tools against it in the form of impossibly dense bureaucratic double speak and unintelligible jargon that references information that can't be accessed, verified or validated.

      I will do this in plain sight, with 100% transparency and invite any and all analysts and pundits to pontificate on the true meaning(s) which lay hidden in plain sight but which are truly visible only to myself and those who are the intended recipients.

      Ha! Beat that with your Blowfish :)

      1. frank ly

        Re: Ah well...

        Maybe if you invented your own 'private language'; I'm thinking of the Navajo code-talkers of WW2 here. Then again, language is a form of encoding of meaning, so can encryption breaking techniques be used to translate an unknown language into your own language?

        1. Anonymous Coward

          Re: Ah well...

          Yes. Torture is a most excellent deciphering tool.

          Threats of death to loved ones can also unmask the most fiendish codes too...

          1. Charles 9

            Re: Ah well...

            "Threats of death to loved ones can also unmask the most fiendish codes too..."

            And suppose you're a masochist (torture gets you off) with no friends or family (no other ways to get to you)?

            1. NomNomNom

              Re: Ah well...

              "And suppose you're a masochist (torture gets you off) with no friends or family (no other ways to get to you)?"

              then who gives a shit what you write

            2. Anonymous Coward

              Re: Ah well...

              Which orifice did you blow that little nugget of brown wisdom (still doesn't answer my question) out of?

              You are aware of waterboarding, sleep deprivation, fluid and food deprivation I assume?

              Just because I am aware of these tactics doesn't mean I enjoy them being used against people.


              Only one of us here with isolation complex issues...

        2. Mike Banahan

          Re: Ah well...

          ISTR (too lazy to check) that the Navajo Code Talkers used Navajo words to transmit still-encoded messages, so even when a Navajo speaker was captured, all he was able to say was something along the line of 'green cheese pickle egg' in response to the demand to decode a message. You would need access to the code books too to figure out that that actually meant 'attack at dawn'. Effectively, the encryption was multi-layered.

          1. This post has been deleted by its author

        3. Anonymous Coward

          Re: Ah well...

          This is surely more or less a simple substitution code? English word for German soldier -> Navajo word for German soldier, plus a bit of Navajo grammar and glue. I think "decrypting" a novel language would not be that much of a challenge if it was used at all extensively since the actions that follow the message will quickly give clues to the language.

          Encryption works partly because there is no correlation between the ciphertext of two messages, even if they say the same thing because different keys are used each time (there are protocols for securely agreeing new keys) and each ciphertext block is usually encrypted using the previous block as part of its input so even a repeat in the plaintext doesn't show up as a repeat in the ciphertext.

      2. This post has been deleted by its author

      3. RobHib

        @Don Jefe - Re: Ah well...

        This recent exposure has put the truly serious punters on notice, that's if they weren't so already. They won't use electronic communications except to pass very short encrypted cues (action/go messages) whose meanings have already been previously conveyed in person or by other non-electronic means.

        For instance, 'How's yuh mother's roses' could mean 'go eliminate xyz at such and such at the prearranged time' etc. and this translation never goes via any electronic network or even telephone. Essentially, this is how the British SOE sent messages into the field during WWII, 'innocuous' cue messages were sent out on the BBC into France etc. Today, even the detection of such cryptic messages (i.e. just finding their existence) could be seriously slowed down by obfuscating schemes such as Tor, especially so if only part of the message went by Tor (and even then using steganography) etc. If or when the message is eventually uncovered it'll be too late to do anything about it. Essentially, the true (and really dangerous) professionals are unlikely to be caught--not by message interception anyway.

        However it does seem to me that this vast spying and decrypting effort by the NSA, GCHQ, Oz's Defence Sig. Directorate etc. will have a significant effect on the second-rank players. These include cloud users with encrypted info, encrypted VPNs etc. Such users include corporations both within and outside the US, various governments and their agencies sending all but the most secret info.

        Clearly, by now, all these second-rank players will also be aware that their data is very likely compromised. There'll be suspicion that trade treaties have been compromised by the US, UK etc. as commercial-in-confidence info from other countries will be used to the advantage of the US etc., etc.

        Basically, the US Government gave us an unfettered internet 20 or so years ago and it's realized its mistake. And over the last decade it has surreptitiously brought it back under its control. It's only now we are beginning to realise this and to the extent to which it has been successful.

        I think there's little doubt that this spying has significantly compromised the net, and users will never see it as the place it once was. I think we should have realised this way back in 2001 and when the Patriot Act (and the equiv. laws in the UK, Aust. etc.) were passed. Trouble is the spied-upon will retaliate in kind and this won't be nice.

        As I've said many times, effectively the terrorists have won. They've screwed up our lives and that's what they intended.

        1. This post has been deleted by its author

          1. RobHib

            @ribosome - Re: @Don Jefe - Ah well...

            You're very probably correct. Moreover, I'll bet there's many an inventive scheme that we've never contemplated.

            It begs questions as to whether or not the NSA et al realized that the professional nasties would eventually skip electronic town to avoid detection when they initially invested the billions in this spying venture. If so, then this vast investment will have been aimed primarily (and knowingly) at the second-tier players. If correct, then the ramifications of this, I'd reckon, are quite horrendous.

            If they thought this enormous spying infrastructure (in the absence, say, of Snowden) would never have been exposed and thus the world would never have been spooked [duh, sorry], then such reasoning seems completely fanciful. One only has to look to history for this: when Roosevelt and Churchill met Stalin at Yalta in February 1945, Stalin was already well aware of the primary purpose of the Manhattan Project through his own spies. The fact is, something this big cannot be hidden for very long—anyway, at least the basics of the project and its main purpose cannot.

            Again, this leads us back to the original motives for and the rationale behind this enormous investment in spying, the NSA et al must have known that it wouldn't be long before they'd be outed, and that China and Russia etc. would know exactly down to a tee what they were doing. This obviously leads to the next question: given that you can't hide a project of this size from the security agencies of other governments (China etc.), then did the NSA inform them of the fact on the basis that this enormous increase in effort was specifically for and only to catch terrorists [as a worldwide network already existed for such purposes—simply, was China et al informed by the US of its massive expansion in spying?].

            Seems to me the world now ought to be told answers to these questions. The very covenant that binds the citizenry to the state—that which holds democracy together depends on such answers. Reckon we're in for a pretty bleak time if citizens lose significantly more trust in their governments (as it seems is happening).

            1. Don Jefe

              Re: Ah well!!!

              Ha! Obviously my new strategy for hidden plain text communications, as outlined in my initial reply, is highly effective. A few individuals understood the message while the rest suggested methods by which I could obfuscate my communications.

              1. Charles 9

                Re: Ah well!!!

                The thing is, how can you communicate very precise information in plain English without having first met the other party (which can itself be a tipoff)? And what if the plan changes and you have to send new coordinates or whatever and are unable to meet your second party again?

                Plain English codewords like "birthday party" are only good for very limited scenarios. Once you get to a broader vocabulary, you're going to need something rather more sophisticated.

        2. amanfromMars 1 Silver badge

          @RobHib Re: @Don Jefe - Ah well... Unintended Consequences always Best Deliver Novel Opportunities

          Basically, the US Government gave us an unfettered internet 20 or so years ago and it's realized its mistake. And over the last decade it has surreptitiously brought it back under its control. It's only now we are beginning to realise this and to the extent to which it has been successful. ..... RobHib Friday 6th September 2013 09:07 GMT

          Successfully surreptitiously brought back under its control, RobHib? Methinks currently be that a dream scenario in which the realities of today and tomorrow play no part ....... although with a little extra especial work done, would one not be able to rule out it being so configured for/in the future.

          1. RobHib

            Re: @RobHib @Don Jefe - Ah well... Unintended Consequences always Best Deliver Novel Opportunities

            Adjectives can be terrible things, they've no extent or measure unless carefully defined.

            Similarly, Control also needs to be defined, and I plead guilty your honour (but 'tis not a PhD thesis either).

            Governments want to do what governments normally do, and that's control and regulate the world around them, and for its first decade the internet had no government control whatsoever. Abiding control envy and the internet being out of regulatory reach was more than they could stand, and it demanded crisis action to rectify.

            ...And they threw billions and billions at it, and the tide eventually turned. And now governments feel much better; and very soon they're hoping to feel even better still, because they've billions and billions to feel much better!

            Now, there's some control, and soon there'll be more, probably much more. Hackers, pedophiles, terrorists and other criminals are now being caught and money laundering detected. Because that's what governments do! Right, the internet's being "brought back under its control", we're seeing it happen now, and NSA and GCHQ leaks confirm that fact.

            Governments want regulatory control and the internet under law, because they want it so. And they're powerful enough to say they can have it so; because in the past they've always regulated everything else, and there's no exception—because that's what governments do. It'd be anathema if governments didn't want it so, with a luscious target the size and scope of the internet, it'd be outrageously stupid to think otherwise. Thousands of years tell us that.

            Do governments want the internet back and under controlling ownership as in the days of ARPANET? Definitely not. But they certainly demand to be its headmaster. Now, Snowden's revelations prove they've gotten the job.

            Sorry, I apologise; I thought all that would have been blindingly obvious.

        3. Vic

          Re: @Don Jefe - Ah well...

          > Essentially, this is how the British SOE sent messages into the field during WWII

          You'd do it in spam messages now.

          Broadcast your spam to the world, with the actual message hidden steganographically in pictures of an Asian-looking bloke in a white coat offering you blue pills.

          You could send the spam to the work email address of the agent supposed to be following you - if it looks spammy enough, it'll be discarded...


      4. Anonymous Coward

        Re: Ah well...

        Simple. If man can do it, man can UNdo it. Just use one lawyer skilled in doublespeak to untangle your lawyer's doublespeak.

        As for the one time pad, if I had the capability and knew what was your pad (not the contents, just the existence), I'd find a way to swap it out for MY one-time pad, then MITM you.

      5. amanfromMars 1 Silver badge

        Re: Ah well... @ Don Jefe [Posted Thursday 5th September 2013 23:03 GMT]

        Quite so, DJ. Such AlienSpeak is secure enough to practically get all virtual jobs done in a relative flash and/or flash crash too if the markets are tardy/unresponsive/dumb and dim-witted/paralysed and terrorised.

  3. btrower

    Disinformation is their secret weapon

    Disinformation is their secret weapon. We *know* a one time pad is secure. In essence, this is the target condition of encryption. The tiny keys we are encouraged to use, transparent means of encryption, simplistic structures, defined end-to-end transmission, etc, etc, etc is, in my opinion largely a snow-job to discourage people from using strong encryption and building webs of trust.

    The people that sign SSL keys on the Internet are among the least trustworthy players on the Internet.

    We need to attack this problem both with technology and politically. The fact that powerful adversaries are being funded by our tax dollars and given greater than equal standing when we set standards is disturbing.

    One of the main weaknesses of modern crypto is in generating things like keys and nonces. I would be surprised if the NSA does not have the ability to brute-force most conventional encryption due to weaknesses in the systems that generate keys.

    Modern crypto as currently deployed is not, in my opinion, sufficient.

    1. Charles 9

      Re: Disinformation is their secret weapon

      Even open-sourced ones where the code can be analyzed?

      Also, there's also reason to believe not all algorithms are vulnerable. There's a high-profile case of the FBI trying to obtain evidence off a drug dealer's hard drive, but it was TrueCrypted, and despite a year of brute-forcing, they couldn't get at the data.

      As for web of trust systems, it seems all of them are necessarily complicated and difficult to implement. Freenet has a WoT system using CAPTCHAs, and it's clunky as anything.

    2. Suricou Raven

      Re: Disinformation is their secret weapon

      I'm surprised no-one has released a OTP VPN. It should be quite practical for the common business usage.

      1. HQ fills a portable 2.5" drive with, say, 250GB of randomness. Keeps another copy on their VPN server.

      2. Remote worker goes off on their business trip, keeping the drive on their person.

      3. VPN using the drive as a OTP. Easiest way would be to have one side of the conversation start XORing at the beginning of the drive and one at the end. Erase the OTP from the drive as it's used up, in case of later confiscation.

      4. When worker gets back from the business trip, refill the OTP drive before the next one.

      Obviously you could only send as much data as the drive can hold for the OTP, but 250GB is still quite enough to last a business trip - and if you need more, you can always just take a couple of 1TB drives.

      If the remote worker's laptop has the capacity and the need for VPN transfer low enough, you could do away with the drive and just store the OTP on the internal drive.
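An added example (not part of the comment above) of the pad handling in steps 1 to 4: two endpoints hold copies of the same pad, one sends from the front and the other from the back, used pad bytes are overwritten, and a message that would make the two cursors cross is refused rather than reusing pad material. `PadEndpoint` and `PadExhausted` are hypothetical names, the 64-byte pad is a constructed stand-in for the drive, and the sketch assumes reliable in-order delivery.

```python
import secrets


class PadExhausted(Exception):
    """Raised instead of ever reusing pad bytes."""


class PadEndpoint:
    def __init__(self, pad: bytes, sends_from_front: bool):
        self.pad = bytearray(pad)   # this side's own copy of the shared pad
        self.front = 0              # bytes consumed from the start
        self.back = 0               # bytes consumed from the end
        self.sends_from_front = sends_from_front

    def remaining(self) -> int:
        return len(self.pad) - self.front - self.back

    def _take(self, n: int, from_front: bool) -> bytes:
        # The two directions eat the pad from opposite ends; once they would
        # meet, stop. Reusing any pad byte breaks the one-time property.
        if n > self.remaining():
            raise PadExhausted(f"need {n} bytes, {self.remaining()} left")
        if from_front:
            lo, hi = self.front, self.front + n
            self.front += n
        else:
            hi = len(self.pad) - self.back
            lo = hi - n
            self.back += n
        key = bytes(self.pad[lo:hi])
        # Overwrite used pad bytes. On a real drive, and on SSDs in particular,
        # an in-place overwrite may not remove the old data from the medium.
        self.pad[lo:hi] = bytes(n)
        return key

    def send(self, plaintext: bytes) -> bytes:
        key = self._take(len(plaintext), self.sends_from_front)
        return bytes(p ^ k for p, k in zip(plaintext, key))

    def recv(self, ciphertext: bytes) -> bytes:
        # Incoming traffic uses the region the peer sends from.
        key = self._take(len(ciphertext), not self.sends_from_front)
        return bytes(c ^ k for c, k in zip(ciphertext, key))


def demo() -> dict:
    pad = secrets.token_bytes(64)           # constructed stand-in for the drive
    hq = PadEndpoint(pad, sends_from_front=True)
    worker = PadEndpoint(pad, sends_from_front=False)

    to_worker = hq.send(b"quarterly figures attached")
    got_by_worker = worker.recv(to_worker)
    to_hq = worker.send(b"received, thanks")
    got_by_hq = hq.recv(to_hq)

    try:
        hq.send(bytes(hq.remaining() + 1))  # one byte more than is left
        refused = False
    except PadExhausted:
        refused = True

    return {
        "worker_read": got_by_worker,
        "hq_read": got_by_hq,
        "remaining": (hq.remaining(), worker.remaining()),
        "used_front_erased": hq.pad[:26] == bytes(26),
        "oversize_refused": refused,
    }


if __name__ == "__main__":
    print(demo())
```

XOR with a pad gives confidentiality only: flipping a ciphertext bit flips the same plaintext bit, so a real tunnel would also need message authentication and a way to resynchronise cursors after packet loss.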

    3. MrXavia

      Re: Disinformation is their secret weapon

      While MITM attacks are slightly worrying, to me they are less so when done by GCHQ, but very worrying when done by the NSA (I would expect the gov to protect me against external monitoring, even if they have the ability to 'wire tap' my connection if they need to)

      My biggest concern is when they do this without a warrant, I am a firm believer that NO wire taps, traces, decryption or even a request for encryption keys, should be done without a warrant issued by a judge with good reason as it's due to a serious suspected crime (i.e. murder, drugs, people trafficking, firearms, terrorism)...

      Someone needs to implement a way to detect MITM attacks automatically and integrate it into a browser...

      I am sure there MUST be a way to do it, even if that would require again trusting some third party to confirm it's all OK...

      1. Charles 9

        Re: Disinformation is their secret weapon

        "My biggest concern is when they do this without a warrant, I am a firm believer that NO wire taps, traces, decryption or even a request for encryption keys, should be done without a warrant issued by a judge with good reason as it's due to a serious suspected crime (i.e. murder, drugs, people trafficking, firearms, terrorism)..."

        Even if the mere issuance of the warrant gives the game away (due to moles and the like) and makes the terrorist(s) go to ground?

        1. Intractable Potsherd

          Re: Disinformation is their secret weapon @Charles 9

          Yes, even in those cases. Without due process, the "good guys" are indistinguishable from the "bad" ones.

          Besides, give me a non-movie-plot scenario (i.e. one that is actually likely) in which your case would apply.

    4. Dr Dan Holdsworth

      Re: Disinformation is their secret weapon

      To be honest here, what we're currently using encryption for is vermin control, and it really doesn't take all that much encryption to keep modern crooks out of, say, a banking system. Most of the time we don't need to keep the NSA out, because the average person bumbles along not doing very much of interest to a major spying agency at all. About the most that the average punter gets up to is a spot of marital infidelity or low-level larceny; annoying on a personal level but profoundly uninteresting to the NSA.

      The mistake here is to imagine that shoddily-executed, vermin control encryption is going to keep the big boys' noses out of your data. It isn't; only the sheer banality and uninterestingness keeps them off your back. The only time to start worrying significantly is if or when the NSA starts routinely leaking the data it has sniffed out to other agencies or even commercial companies; as soon as it does this, it joins the ranks of internet vermin.

      Once on the vermin list, I doubt the NSA would ever get off it, and once the world realises that shonky encryption won't do the job, geeks everywhere will start trying to up their game and lock the NSA out. The actual terrorists already do this; face to face meetings and lone-wolf attacks are almost impossible to spot online.

      1. Anonymous Coward

        Re: Disinformation is their secret weapon

        Perhaps you're correct, but how many ex-NSA employees are, or have been, employed by the banking and finance industries? I know of one who keeps hopping from company to company, and I now am beginning to wonder if he's still employed by the NSA...

  4. Anonymous Coward

    You'd be...

    ...very naive to not know others have compromised encryption and it ain't the good guys which is in fact the NSA.

    1. Don Jefe

      Re: You'd be...

      Good Guys™ do not creep on you in the middle of the night and rifle through your wife's and daughters' emails, calls, texts and pictures. In fact that's pretty much the opposite of Good Guy™ behavior.

      However noble and just a cause may be, when those who support and follow that cause resort to the tactics, behaviors and attitudes of the Bad Guys™ they have in fact become what they set out to destroy.

      This repulsive idea of "Win At All Costs" has become accepted among so many and it is sad. Your fears are being exploited and encouraging you to twist the meaning of Good within your own mind. Twist it so badly out of shape that you can no longer discern the meanings of Good and Bad yourself. You wait for someone from on high to tell you what it means... You have given up moral discrimination, the single most unique aspect of the Human species.

      1. Dave 126 Silver badge

        Re: You'd be...

        Smiley does not retrieve his Ronson cigarette lighter from the ground, after it is dropped by his nemesis.

      2. tom dial Silver badge

        Re: You'd be...

        We all would like to see your evidence that the NSA does so.

        It really is not all about you, your wife and your children.

        1. Don Jefe

          Re: You'd be...

          You're right. It's about you, your wife and your children and those of your neighbor. The fact that you consistently fail to miss that point is stunning to me.

          Here's the NSA's own admission that spying on the current and ex love interests of agents does take place. This is only those who get caught. Snowden managed to waltz right out of there with tons of information and months later they still don't know what he took. It's fair to say their internal security isn't great and presumably only the stupid or careless get caught.

  5. Anonymous Coward

    Bruce Schneier has released a couple of essays relating to these docs

    1. Anonymous Coward

      well, yes...

      He had a part in the examination of this batch of documents...


    GCHQ are doing their job

    When did it become GCHQ's job to spy on *law abiding* citizens' unencrypted, let alone encrypted, private/confidential communications?

    Or rather, 'adversaries', to use the new colloquialism?

    These revelations, or rather the fact of the corrupt co-operation between IT industry leaders and these fascists, will do huge damage to public trust in IT people & products.

    1. Anonymous Coward

      Re: GCHQ are doing their job

      I used to laugh when people talked about 'Police State'. Paranoid nutters, I thought. It doesn't seem as funny now.

