back to article Reports: NSA has compromised most internet encryption

The NSA and the GCHQ have compromised much encryption used on the internet through a potent mix of technological theft, spycraft, and collaboration with major technology companies, according to new reports. In a series of news articles that highlight how the code-breaking crypto-fiddling agencies NSA and GCHQ are doing their …

COMMENTS

This topic is closed for new posts.

Page:

  1. RonWheeler

    Private circuits

    Interested to know if BT have given them access to 'private' circuits too.

    As for other crypto...

    Could be tinfoil hat gibberish, could be real. We need the government to tell us what is going on within our shores..

    1. Thorne
      Big Brother

      Re: Private circuits

      "Could be tinfoil hat gibberish, could be real. We need the government to tell us what is going on within our shores.."

      Nothing is happening. Nothing at all. All is good. We are your friends. We're here to protect you from the big bad world. Don't worry your pretty little heads about it. All is good.......

      </brainwashing>

    2. zaax
      Facepalm

      Re: Private circuits

      Why do you think they wouldn't?

      1. John Sanders

        Re: Private circuits

        "Legal interception" anyone?

        Check UK telecoms law.

    3. phuzz Silver badge

      Re: Private circuits

      If BT havn't given GCHQ access to private circuits, it's only because GCHQ isn't interested in whoever is using those circuits.

      BT might be a private company* now, but they used to be part of the government and it's sensible to assume that the government has access to any part of BT and it's infrastructure (for which read; the majority of the infrastructure in the UK) whenever it wants.

      Not to mention that a significant fraction of global internet data flows through UK based hardware, and why would the government NOT want access to that too?

      * or rather, several companies

      1. wolfetone Silver badge

        Re: Private circuits

        So is it safe to assume the safest place in the UK is Hull?

        1. PatientOne

          Re: Private circuits

          Nope, safest place is Scunthorpe: The government porn filters keep the spies away from there, too!

    4. amanfromMars 1 Silver badge

      Re: Private circuits .... and punitive compensatory reimbursement for systems security mis-selling?

      Whenever one is told and realises that there are no private circuits, and the tale told above boldly goes and suggests that such is so and has been for more than just a short while, is everyone's information and shared transferrable thoughts, freely available to any system intelligently designed to listen and metadatabasemine content/SIGINT for intelligence streams which may be of critical and/or strategic and/or tactical import and of overwhelmingly powerful and unbelievably valuable and/or costly export potential. But if the listeners do not possess and exercise the intelligence needed to take advantage of what they have been told/been listening to, is the advantage automatically immediately bestowed upon that which is missed and/or ignored and it be a wanton vulnerability for endless zeroday exploitation ..... and future fortune making for that and those especially adept in its disciplines/IT Fields/AI Methodologies with Virtualised Technologies.

      The following is sitting pending on a number of spooky desks and tests for necessary intelligence in beings that imagine they and IT lead and the world and his dog and its dogs of war follow .......

      Attacks from software bugs and computer viruses target computer devices such as servers, firewalls, desktops, laptops and smart phones. The government owns many such devices. Attacks include gaining unauthorized access, denial of service, malicious code insertion or password cracking. Hackers and other cyber criminals employ the Internet as a delivery means. Such attacks have a limited scope and therefore are seen as carrying geographically containable security risks.http://cryptome.org/2013/09/dod-internet-vuls-cyberspy.pdf

      All SMARTR HeroICQ Environment Operations/CyberIntelAIgent Exploits and Virtual Reality Sorties which can be perceived and mistaken and misunderestimated and classified way above Top Secret/Special Compartment Information and Strictly Need to Know, …. and which are in both true fact and fabulous fiction, a Quantum Communication Offer for/from States of Being[s] with Instant Server Provision of Sublime InterNetwork Supply with FailSafe Monumental Guarantees that Protect One with an Ever Increasing and Reinforcing and Empowering Sanity in Surroundings Dealing Debilitating Madness in Forever Failing Systems of Secretive Falsehoods …… need only target the weak human link, no matter how strong and/or smart that link may be supposed to be in cases, which be fixed twixt keyboard and screen/instruction device and virtually programmed machine interface, to gain unfettered pirate and unknown private access to all systems of command and control, whether SCADA or not.

      Such attacks are unlimited in scope and unhindered and deliver uncontainable security risk and Advanced Information to IntelAIgents and Assets within Active Stealth ProgramMING* for Greater CyberIntelAIgent Games Plays from Global Communications Heads Quarters.

      * … Active Stealth Program Mind Infiltration Network Games …. NEUKlearer HyperRadioProActive IT….. a Novel and Noble Transparency …… AI@ITsWork and on Stirring Sterling Special Stirling Super Source Missions.

      Denying it be so and not a current present enigmatic dilemma to be serviced and servered/stealthily engaged with and silently delivered of its future feeds/seeds/needs, does not alter the fact but it does provide instruction in the best direction in which to proceed and to whom is supply most likely best appreciated.

    5. Michael Wojcik Silver badge

      Re: Private circuits

      We need the government to tell us what is going on within our shores.

      And how would we verify their claims?

      Proving you do have knowledge of a secret is relatively straightforward, even with various constraints.1 Proving you don't have such knowledge is rather more difficult. And it's vanishingly unlikely that any government would ever even worry about making a convincing argument to that end. Some of the populace would believe an unsupported denial; some would never be convinced no matter what statement the government made or evidence it offered. The remaining portion of the electorate is likely to be too small to be of any concern to officialdom.

      1For example, if you want to prove knowledge of the secret without revealing the secret, there are often suitable protocols built around cryptographic primitives such as MACs and ZKPs.

  2. Vimes

    In other news, the likes of the CIA and NSA face an ever bigger problem of dealing with internal threats thanks to employees working for them that have connections to Al-Qaeda (even though the interview process presumably involves looking into their background).

    So much so that they're spending millions of dollars on it apparently.

    Washington post article

    1. Don Jefe
      WTF?

      Really?

      Holy shit! 1 out of 5 job applicants with backgrounds warranting further investigation were found to have links to terrorist or hostile forces. 1 out of 5? That sounds abnormally, insanely, ridiculously high. If there are that many terrorists who straight up apply to the NSA/CIA then there's bound to be some who get through and are currently employed there.

      What it really sounds like is paranoid overreach; finding terrorists behind every leaf, berry and shrub which is insanely dangerous. Well funded paranoid people are far, far more dangerous that a regular dangerous person.

      I say the safest, most economical solution is to take off nuke the lot of them from orbit: Its the only way to be sure.

      1. Anonymous Coward
        Anonymous Coward

        Re: Really?

        What defines a 'link'? I think American laws allow detailed searches on friends of friends of friends. So are they saying here 1-in-5 applicants knows someone who knows someone who knows someone who once went to a radical Mosque somewhere? That I could believe.

        1. Eddy Ito Silver badge

          Re: Really?

          I'm surprised it isn't higher even going by direct familial ties since it isn't hard really. Regardless of my surname I'm part (not quite half) Irish and little more than a cursory look at the family tree will show a link to the IRA. The Japanese part will undoubtedly find a link to the scourge element circa WW2 who were imprisoned interned in the US and to top it all off, the father in law is a Korean War vet from about the 35 parallel, check the map if you have to. Add it all up and you've got solid links to terrorist or enemy forces and I don't doubt for a minute that a thorough scrubbing won't find worse.

          Hell, even JFK would qualify as one in five by that measure.

          1. CABVolunteer

            Re: JFK @Eddy Ito

            "Hell, even JFK would qualify as one in five by that measure."

            And look what happened to him......

          2. WatAWorld

            Re: Really?

            Yes, but to the Americans it doesn't matter if you are in the IRA, you are only a terrorist if you are Muslim.

            1. Anonymous Coward
              Anonymous Coward

              Re: Really? - it doesn't matter if you are in the IRA,

              Wilson kept us out of Vietnam (for which alone he should stand as one of the greatest Prime Ministers of the 20th century), but a conspiracy theorist might suggest that as a result we got less than enthusiastic support over either the IRA or the Falklands. If by "less than enthusiastic" you include actively allowing the IRA to collect money in places like Boston. By "actively allowing" I mean "with the co-operation of the police", who took a former colleague of mine into "protective custody" when he objected.

              Perhaps we should watch out for the US Marines scaling Gibraltar to give it to Spain.

              1. Eddy Ito Silver badge

                Re: Really? - it doesn't matter if you are in the IRA,

                ... in places like Boston. By "actively allowing" I mean "with the co-operation of the police"

                In Boston! I'm shocked Whitey Bulger would let such a thing happen on his turf. Certainly not in Southie. Oh wait.

          3. Anonymous Coward
            Anonymous Coward

            Re: Really?

            Yes, but do you plan to overthrow the government of the United States by violence?

            And, given these revelations, if not, why not?

            (I'm British, which means that in American eyes I'm a suspicious person anyway).

            1. amanfromMars 1 Silver badge

              Re: Really? as Posted Friday 6th September 2013 08:17 GMT by ribosome

              Yes, but do you plan to overthrow the government of the United States by violence? .... ribosome Posted Friday 6th September 2013 08:17 GMT

              All governments have problems nowadays, and forever more into the foreseeable future, because they are easily overthrown without violence and with intelligence which cannot be countenanced and countered/identified and denied.

              And to be a right dodgy wannabe puppet master and failed government leader and to actively resist and persist in political office with the proposing and clandestine planning of violence on the agenda, makes one a person of foreign intelligence interest and most likely a terrorist wannabe too, no matter how unlikely that be officially and officiously spun in an opposite direction? That would then render one an unsavoury attraction and unnecessary distraction to be classified in/by intelligence circles/chiefs as a legitimate target for prime executive action and removal from the scenery .... and the Great Game Space Place.

              Capiche?

        2. Allan George Dyer Silver badge
          Black Helicopters

          Re: Really?

          "are they saying here 1-in-5 applicants knows someone who knows someone who knows someone who once went to a radical Mosque somewhere?"

          Among applicants for Arabic translation jobs, I would expect a far higher ratio.

          @Vimes, the article doesn't mention Al-Qaeda links, but "hostile intelligence services and or terrorist groups", which probably includes journalists in their eyes.

          1. Vimes

            Re: Really? @Allan George Dyer

            From the first line of the article:

            The U.S. government suspects that individuals with connections to al-Qaeda and other hostile groups

            1. Anonymous Coward
              Anonymous Coward

              Re: Really? @Allan George Dyer

              "And other hostile groups." ..

              There are a lot of US homegrown hostile groups. .McVeigh wasn't a loner. .

          2. MJI Silver badge

            Re: Really?

            Easy to do.

            Lets use GCHQ as an example.

            Been there know what they are about. I knew quite a few workers and ex workers. One of my best friends worked there, they know who I am as a real person, I am not a risk, (he had been reported due to a prank and I was mentioned, demonstarting his electronics skills). Lets just say I have a video tape of me standing on a gate holding a TV aerial pointing at my home, and the tape never left my home.

            Now at work we recently took on a Pakastani chap, he knows a few dodgyish people just by being from there.

            Now would that be considered a risk?

            Here no - none whatsoever.

            Elsewhere?

        3. John Smith 19 Gold badge
          Facepalm

          Re: Really?

          "What defines a 'link'? I think American laws allow detailed searches on friends of friends of friends. So are they saying here 1-in-5 applicants knows someone who knows someone who knows someone who once went to a radical Mosque somewhere? That I could believe."

          In fact if you read the autobiography of one ex spook they look to recruit such people as assets

          It's the whole six-degress-of-separation thing. Some one who know "everyone" knows someone who knows someone who can introduce them to their person of interest.

        4. Tim Jenkins

          Re: Really?

          "So are they saying here 1-in-5 applicants knows someone who knows someone who knows someone who once went to a radical Mosque somewhere?"

          Presumably particularly true if you're trying to recruit young male Muslims, who by definition would be the most useful assets to acquire. Kind of like trying to sign up young male Catholics in Belfast or Derry during the '80s and then rejecting everyone who ever lived in the same street as / went to school with / was related to a Provo...

        5. Anonymous Coward
          Anonymous Coward

          Re: Really?

          Once after doing a job in India, I was taken off to the local temple of Ganesh to make an offering so it would be successful (I am not making this up). Perhaps that means that I have a link to an Indian Kashmiri separatist?

          1. Suricou Raven

            Re: Really?

            Local customs.

            There was an incident years ago where one of the many churches in the US hired a European construction company for their new building - Swedish, I think? In accordance with their ancient custom, they hoisted a tree to the top of the building upon completion. It's an old ritual for good luck, originating in pagan customs many centuries ago, and continued for the sake of tradition. The church owners were not approved: They refused to pay, claiming the pagan ritual had desecrated the church and made it unfit for purpose.

      2. Frumious Bandersnatch Silver badge

        Re: Really?

        It is ridiculously high, but it's no doubt as you said that a combination of paranoia and being able to do such far-reaching network checks tends to throw up many, many false positives.

        Bob Dylan had a song about this. Check out his "Talkin John Birch Blues":

        http://en.wikipedia.org/wiki/Talkin%27_John_Birch_Paranoid_Blues

        http://www.youtube.com/watch?v=AylFqdxRMwE

        OK, it was Communists then, Terrorists now, but plus ça change ...

        1. tom dial Silver badge
          Stop

          Re: Really?

          Exactly why is it "ridiculously high"? The value to a spy of employment at CIA, DIA, NSA, FBI, DHS or others, whether alQaida or other, would be extremely high, and numerous attempts should not be a surprise. Other matters such as poor financial habits and undisclosed sexual activities and preferences that could lead to blackmail possibilities presumably would account for many questionable cases, but a great many of them would self-select out. The attempted moles would not, and therefore would be greatly overrepresented.

        2. Tim99 Silver badge
          Black Helicopters

          Re: Really?

          @Frumious Bandersnatch

          [OK, it was Communists then, Terrorists now, but plus ça change ...]

          Yes, but since then, the Communists were declared to have been beaten, so we need a new bogeyman. The good news for the "intelligence" and military businesses is that the "War on Terror" has no well defined enemy and no way of measuring victory - Now the war can last indefinitely.

          -

          "The purpose of the unwinnable, perpetual war is to consume human labour and commodities, hence the economy of a super-state cannot support economic equality (a high standard of life) for every citizen".

          Ref: the fictional book "The Theory and Practice of Oligarchical Collectivism, by Emmanuel Goldstein" in Eric Blair's "Nineteen Eighty-Four".

          1. psychonaut

            Re: Really?

            Eric Blair? Has history been altered by the miniTruth already? I seem to remember a different author. I should probably be vanished for my heresy

            1. Tim99 Silver badge
              Big Brother

              Re: Really?

              @psychonaut

              Link for Eric Blair - George Orwell

              "Eric Arthur Blair (25 June 1903 – 21 January 1950) known by his pen name George Orwell, was an English novelist, essayist, journalist and critic. His work is marked by lucid prose, awareness of social injustice, opposition to totalitarianism and commitment to democratic socialism".

          2. Robert Helpmann?? Silver badge

            Re: Really?

            Yes, but since then, the Communists were declared to have been beaten, so we need a new bogeyman.

            So what comes next after the terrorists? The Iranians? North Korea? BRIC nations? Baby seals? It's good to have options.

      3. Dan 55 Silver badge
        Alert

        Re: Really?

        Reds under the bed.

      4. Anonymous Coward
        Anonymous Coward

        Re: Really?

        Have a bit of a think about how you might define 'terrorist' or 'hostile force' if you were clinically insane. Then it's not such a stretch.

      5. T. F. M. Reader Silver badge

        Re: Really?

        To be fair, it's 1 out of 5 among those applicants flagged for some unspecified irregularities, reportedly a small subset of the total - not 1 out of 5 applicants overall. And in this particular case I would expect a bias toward investigating possible false positives.

      6. Chemist

        Re: Really?

        "The CIA found that among a subset of job seekers whose backgrounds raised questions, roughly one out of every five had “significant terrorist and/or hostile intelligence connections,”"

        Where does this state that 1 in 5 of ALL applicants have a connection to terrorism ?

        1. Tom 13

          @ Chemist

          Now, now.

          I would think someone as world-wise as you would know better than to get in front of a two minute hate.

          Did you also notice the weasel phrase "circumvented or cracked" which is quickly shortened to just plain "cracked" and on which the rest of the article focuses? Given national laws, I expect it would be quite simple to circumvent banking encryption by just issuing a National Security Letter.

          1. Chemist

            Re: @ Chemist

            "I would think someone as world-wise as you would know better than to get in front of a two minute hate."

            ??

      7. John Smith 19 Gold badge
        Happy

        "..solution is to take off nuke the lot of them from orbit: Its the only way to be sure."

        That would be America*

        AFAIK CIA entry is only open to US citizens.

      8. This post has been deleted by its author

      9. This post has been deleted by its author

      10. Levente Szileszky
        FAIL

        Calm down, Speedy... Re: Really?

        ...yes, really, it's just your reading comprehension issue, no need for a heart attack:

        “Over the last several years, a small subset of CIA’s total job applicants were flagged due to various problems or issues,” one official said in response to questions. “During this period, one in five of that small subset were found to have significant connections to hostile intelligence services and or terrorist groups.”

        One-fifth OF THAT SMALL SUBSET of all aplicants. Got it?

      11. Richard Jones 1
        Holmes

        Re: Really? No

        It said that 1 in 5 who raised a 'search eyebrow' had suspect connections so lets look at that.

        Say you check 10,000 staff, 9,800 show nothing to worry about (that may or may not be a good thing, have you missed something?).

        It means 200 raise issues which require further investigation, of these 1 in 5 throw up serious doubts i.e. out of the original 10,000 you find 40.

        Now those are made up figures not from official sources, the real ones may be higher or lower but simply show that care is needed when reading statistics.

        1. Intractable Potsherd Silver badge

          Re: Really? No @ Richard Jones 1

          "It said that 1 in 5 who raised a 'search eyebrow' had suspect connections so lets look at that ... [They] simply show that care is needed when reading statistics."

          You are right - it is important to read exactly what is written, and what is missing. However, it is conceivable that the alphabet agencies intend that the figure will be read as "1 in 5 applications" so that the average punter will think "Gosh, look how many bad people there are threatening our safety! How can anyone question what they are doing?"

      12. John Sager
        Black Helicopters

        Re: Really?

        Looks like the ghost of James Jesus Angleton stalks the halls of Langley again, and Ft Meade.

      13. Gordon 10 Silver badge
        Thumb Up

        Re: Really?

        Cool - the new party game. Six degrees of Al Qaeda. In your face Kevin Bacon.

      14. Skizz

        Re: Really?

        Statistical ignorance strikes again!

        1 out of 5 job applicants with backgrounds warranting further investigation

        That sounds abnormally, insanely, ridiculously high

        What you've missed is the fact that we're not given a figure for the number of "applicants with backgrounds warranting further investigation". If only 1% of applicants warrant further checks then "1 in 5" becomes 0.2% of all applicants. The 1% figure is something I made up, it's probably much lower for a job like this as the initial checks are probably very thorough.

      15. plrndl

        Re: Really? @ Don Jefe

        The agencies need ethnically diverse employees to increase their chances of penetrating terrorist groups.

        The terrorists have a vested interest in getting people inside these agencies.

        Six degrees of separation?

    2. Graham Marsden
      WTF?

      Presenting - The Ghost of Senator Joe McCarthy

      "the nature of the connections was not described in the document."

      Hmm: "Are you, or have you ever been connected to Al Qaeda, Hezbollah, Hamas, or have you ever watched a documentary about them on TV...?"

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019