Security Advisor

NSA Allegedly Able To Crack Most Data Encryption

Untitled Document

According to a report released yesterday by The Guardian newspaper, the U.S. National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ) are able to circumvent most encryption.

The agencies can break encryption used to secure private data, such as protections for e-mails, bank records and medical records, per the report, which is based on leaked secret documents by NSA whistleblower Edward Snowden. The documents describe  an NSA project code-named "Bullrun," which has focused billions of dollars on cracking encryption technology since 2000. It wasn't until 2010 that the project had reached its goal.

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," states the 2010 GCHQ document reported on by The Guardian. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable."

The actual logistics on NSA's ability to crack encrypted data has been a closely held secret and analysts working for the GCHQ were told, "Do not ask about or speculate on sources or methods underpinning Bullrun," according to a British internal document.

However, in vague terms, the documents allege that along with using supercomputers to break encryption, the NSA covertly inserted code to weaken encryption standards and to provide a window for access for the security agency. Also, in a supporting operation to Bullrun called the "Sigint Enabling Project," the NSA spent more than $250 million a year to persuade tech firms to make their commercial software and services exploitable.

While specific companies weren't named as participating in the Sigint Enabling Project, earlier reports on the NSA RISM surveillance program have alleged that firms such as Microsoft, Google, Facebook and Apple have all worked closely with the intelligence agency in the name of national security.

Commenting on the recent The Guardian report, Dave Anderson, a senior director with Voltage Security said that the main way that the NSA can gain access to encrypted data is when security protocols are lax, whether that be from IT firms working closely with federal law enforcement or relaxed user security habits.

"In the light of this, it seems likely that any possible way that the NSA might have bypassed encryption was almost certainly due to a flaw in the key management processes that support the use of encryption, rather than through the cryptography itself," said Anderson in an e-mailed comment.  "So, is it possible that the NSA can decrypt financial and shopping accounts? Perhaps, but only if the cryptography that was used to protect the sensitive transactions was improperly implemented through faulty, incomplete or invalid key management processes or simple human error."

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Releases Windows 10 Version 1909

    Microsoft on Tuesday announced the release of Windows 10 version 1909, a new operating system product that's also known as the "Windows 10 November 2019 Update."

  • November Microsoft Security Bundle Addresses 75 Vulnerabilities

    Of that number, 13 vulnerabilities are rated "Critical" to patch, while 62 vulnerabilities are deemed "Important."

  • The Future of Office 365 Pricing

    With a raft of new Office 365 features in the pipeline, Microsoft also seems ready to change the way it bills its subscribers. Will it replicate Azure's pay-per-use model, or will it look like something else entirely?

  • Microsoft Offers 1 Year of Free Windows 7 Extended Security Updates to E5 Licensees

    Microsoft is offering one year of free support under its Extended Security Updates program to Windows 7 users if their organizations have E5 licensing.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.