How NSA Cracks Encrypted Data
New facts continue to come out about the National Security Agency’s (NSA) information-gathering programs that seem to outdo previous scoops about the United States' spying capabilities. This week is no different, with new reports detailing NSA's effforts to battle encrypted data.
The New York Times, The Guardian, and ProPublica all teamed up to write stories (one hosted on the websites of The New York Times and ProPublica, and another published on The Guardian's website) based on the documents, revealed by Edward Snowden, that show the extent to which NSA has used “supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age.”
Essentially, the National Security Agency has been working on cracking encrypted code that keeps sensitive data, like bank and medical records, locked up. This may not be that much of a surprise given that NSA “has specialized in code-breaking since its creation in 1952,” but it’s pretty astonishing to read about how exactly NSA has accomplished this.
According to the documents provided by Edward Snowden, in about the year 2000, NSA “began collaborating with technology companies in the United States and abroad to build entry points into their products,” which would help NSA capture pre-encrypted messages from “target computers” that NSA could hack into.
From The New York Times:
The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
Additionally, NSA has been doing its best to knock down international encryption standards that developers adhere to. The New York Times piece describes how one of the goals of NSA’s 2013 budget request “was to ‘influence policies, standards and specifications for commercial public key technologies,’ the most common encryption method.”
The report also states that the leaked documents confirm what some cryptographers believed—that NSA “planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body.”
Of course, many big technology companies have tried their best to distance themselves from NSA’s activities because of the negative publicity that comes with them. An article from Bloomberg dives into this topic and probes the minds of industry analysts who say that these new revelations are only going to add more fuel to the fire.
Companies offering cloud services -- in which businesses pay a third party to provide databases, storage and computing power -- may lose as much as $35 billion by 2016 as foreign companies avoid U.S. solutions because of the fear the NSA may have access to the data, according to a study released last month by the Information Technology & Innovation Foundation.
It will be interesting to see the fallout from these reports as each new piece of the NSA jigsaw puzzle gets uncovered.