The details about the National Security Agency's cyber surveillance efforts continue to emerge after the Edward Snowden NSA leak earlier this summer. Each subsequent report about the NSA's powers seem to describe even more sweeping cyber surveillance capabilities than before, and this time is no different.
According to The Guardian, which has been reporting the NSA Snowden leaks from the beginning, newly analyzed classified documents from Snowden show that the NSA and its counterpart in England, the GCHQ, was capable of defeating much of the standard encryption used around the world - as one security expert put it, undermining "the fabric of the internet."
While it wasn't surprising that the NSA would seek to find ways to crack encryption codes (that's basically one of the premises the NSA was founded on), it was startling how the NSA went about circumventing encryption. Several different techniques were used over a long term, including a decade-long program to break encryption techniques used in international communications cables, secretly influencing product designs, putting in "back doors" in the code of commercial encryption, and undermining international encryption standards. Files show that the NSA compromised security and privacy in consumer technologies, online banking, and medical records.
When the NSA could, it would put a "back door" or plant a vulnerability in software or encryption standards. That's because, while the NSA also has the capability to "break" encryption with high powered computers that simply run as many possible solutions against encoded data - a so-called "brute force" attack, because you're simply applying processing power against encryption - the NSA usually would prefer to undermine their targets' security in the first place. For example, a GCHQ (the English NSA counterpart) team has been working to develop ways into the encrypted traffic of Hotmail, Google, Yahoo, and Facebook. In addition, a $250 million-a-year program by the NSA is focused on working with technology companies to "covertly influence" the design of their products in order to "insert vulnerabilities into commercial encryption systems." As part of this effort, GCHQ established a human intelligence capability - meaning (secret) boots on the ground inside the IT industry - that was "responsible for identifying, recruiting and running covert agents in the global telecommunications industry."
According to NSA documents, that program, in this year of 2013, expects to obtain access to "data flowing through... a major communications provider" and a "major internet peer-to-peer voice and text communications system."
When it comes to international data security standards, the NSA would work covertly to introduce certain security standards issued by the U.S. National Institute of Standards and Technology, of which the NSA "became the sole editor," by the end of the process, according to documents.
The office of the director of national intelligence, which oversees intelligence agencies in the U.S., responded to the report saying, "The stories published yesterday... reveal specific and classified details about how we conduct this critical intelligence activity." The statement went on to say, "Anything that yesterday's disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions."
While the Guardian's article does expose specific techniques or a so-called "road map", according to the Guardian, ordinary people are "tellingly referred to in the [leaked NSA] document as 'adversaries.'"
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction