Security Advisor

NSA Allegedly Able To Crack Most Data Encryption


According to a report released yesterday by The Guardian newspaper, the U.S. National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ) are able to circumvent most encryption.

The agencies can break encryption used to secure private data, such as protections for e-mails, bank records and medical records, per the report, which is based on secret documents leaked by NSA whistleblower Edward Snowden. The documents describe an NSA project code-named "Bullrun," which has focused billions of dollars on cracking encryption technology since 2000. It wasn't until 2010 that the project reached its goal.

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," states the 2010 GCHQ document reported on by The Guardian. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable."

The actual logistics of the NSA's ability to crack encrypted data have been a closely held secret, and analysts working for the GCHQ were told, "Do not ask about or speculate on sources or methods underpinning Bullrun," according to a British internal document.

However, in vague terms, the documents allege that along with using supercomputers to break encryption, the NSA covertly inserted code to weaken encryption standards and to give the agency a window for access. Also, in a supporting operation to Bullrun called the "Sigint Enabling Project," the NSA spent more than $250 million a year to persuade tech firms to make their commercial software and services exploitable.

While specific companies weren't named as participating in the Sigint Enabling Project, earlier reports on the NSA PRISM surveillance program have alleged that firms such as Microsoft, Google, Facebook and Apple have all worked closely with the intelligence agency in the name of national security.

Commenting on the recent report in The Guardian, Dave Anderson, a senior director with Voltage Security, said that the main way the NSA can gain access to encrypted data is when security protocols are lax, whether that be from IT firms working closely with federal law enforcement or relaxed user security habits.

"In the light of this, it seems likely that any possible way that the NSA might have bypassed encryption was almost certainly due to a flaw in the key management processes that support the use of encryption, rather than through the cryptography itself," said Anderson in an e-mailed comment. "So, is it possible that the NSA can decrypt financial and shopping accounts? Perhaps, but only if the cryptography that was used to protect the sensitive transactions was improperly implemented through faulty, incomplete or invalid key management processes or simple human error."

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
