Reports: NSA has compromised most internet encryption

The NSA and the GCHQ have compromised much encryption used on the internet through a potent mix of technological theft, spycraft, and collaboration with major technology companies, according to new reports. In a series of news articles that highlight how the code-breaking crypto-fiddling agencies NSA and GCHQ are doing their …

COMMENTS

This topic is closed for new posts.

          1. Anonymous Coward
            Black Helicopters

            Re: Which begs the question.. @json 03:10

            What username and icon do you see for this post?

            1. richard 7

              Re: Which begs the question.. @json 03:10

              http://www.realitytech.co.uk/rich/anon.png

              Something isn't right then...

  1. arkhangelsk

    This kind of governmental cheating

    by all parts of government won't stop because no penalties are ever imposed. At best when caught the legislature passes the equivalent of a Cease and Desist, and if we are extremely lucky the involved government agency would even follow it for a while. If it even gets to the point where the head resigns to "take responsibility" ... that's half a miracle (it happens more in Japan, seemingly less in the West).

    What should be passed are new acts that say any governmental agency that gets caught breaking or abusing the rules are subject to decimation (as in 1/10th of the employees get fired, even split between top and bottom post), plus at least a 20% reduction in budget for the next 5 years. With real penalties should come improvements.

    1. Anonymous Coward
      Anonymous Coward

      Re: This kind of governmental cheating

      Fired? Hell no, I think executed would be better.

    2. Charles 9 Silver badge

      Re: This kind of governmental cheating

      "What should be passed are new acts that say any governmental agency that gets caught breaking or abusing the rules are subject to decimation (as in 1/10th of the employees get fired, even split between top and bottom post), plus at least a 20% reduction in budget for the next 5 years. With real penalties should come improvements."

      Ever heard of "Screw the rules, I MAKE them"? That's the problem here. Like it or not, when it's the lawMAKERS (in concert) working against you, you lose.

      1. Don Jefe
        Unhappy

        Re: This kind of governmental cheating

        Part of the philosophy underlying democracy says that lawmakers should not be punished for their actions if it can be shown they believed their actions to be in the best interests of the people. The idea being that if your enemy were elected tomorrow he couldn't prosecute you for your actions while in office, therefore you have nothing to fear from future administrations. It falls back at that point to being the fault of the people who elected that person if that person does something horrible.

        Democracy has many good points but accountability for elected leaders is not one of them. Not only is it not included, it is actively guarded against it ever being included. It kind of sucks.

        1. Anonymous Coward
          Anonymous Coward

          Re: This kind of governmental cheating

          Democracy also pretty much requires an informed electorate. But when one informed vote is overruled by ten mindless sheep, you have a big problem.

          Hate to say it, but universal suffrage was a mistake. Not that denying women was a good thing, either, but it should only be given to those who know what the blank is going on.

  2. jake Silver badge

    DUH!

    Mine from Feb. 2009:

    http://forums.theregister.co.uk/forum/containing/429562

    Also from Feb. 2009:

    http://forums.theregister.co.uk/forum/containing/430421

    1. Anonymous Coward
      Anonymous Coward

      Re: DUH! @jake

      So, a statement of the obvious and another claim about your activities. You desperately want people to applaud you, don't you?

      1. jake Silver badge

        Re: DUH! @jake

        Honestly, AC, I don't care about AC comments slagging me off. But if you get off on it, who am I to comment? Enjoy your fun. Maybe, eventually, you'll learn something & find a life. Hopefully I will have helped you along the way.

        1. Anonymous Coward
          Anonymous Coward

          Re: DUH! @jake

          Jake in being-pompous-patronising-ass shocker.

          Different ac.

          1. jake Silver badge

            Re: DUH! @jake

            Having fun, AC 07:29?

            At least I have a face. You do not. Seriously, think about it.

  3. Anonymous Coward
    Black Helicopters

    I wonder

    How many people realize that SE Linux (secured Linux) is in fact: NSA SE Linux?

    For good or bad; I don't know. But it sure got a very weird ring to it as of late.

    1. Michael Habel Silver badge

      Re: I wonder

      Prepare for massive down Votes....

      The last time 'round I pointed it out. I got like Two Up Votes.... Then it kinda went south from there....

      Like I said then....

      1) "The Code is vetted!"... ~By who? Who watches the Watchmen?~

      2) "Do these People know what every "bit" does?" I mean are those People able to find such cleverly hidden Code?

      1. Charles 9 Silver badge

        Re: I wonder

        1) "The Code is vetted!"... ~By who? Who watches the Watchmen?~

        By people OUTSIDE the US, who can't be influenced by the US.

        2) "Do these People know what every "bit" does?" I mean are those People able to find such cleverly hidden Code?

        You'd be surprised at the thoroughness of some bug hunters, especially if money or prestige are involved.

        1. Marketing Hack Silver badge
          Black Helicopters

          @ Charles 9

          How do you know they can't be influenced by the U.S.? Who else who is in league with the U.S. might also be able to influence these people outside the U.S.?

  4. Anonymous Coward
    Anonymous Coward

    Classified TV drama

    When they start co-ordinating program names like "Edgehill" and "Bull Run" for illegal snooping, you have to wonder if you're living in a worse than average Robert Ludlum novel or a 'hard hitting' ITV thriller for which they've pushed the boat out and hired Sean Bean.

    Given the undemocratic, illegal and unwarranted power this gives to a few unelected, unaccountable individuals, I doubt they'd even need black helicopters to cause chaos. Whatever Kleptocracy-by-coup they have in mind, I don't fancy it.

    1. Intractable Potsherd Silver badge

      Re: Classified TV drama

      When I saw the codename of the GCHQ program is "Edgehill" I got worried. It was the first pitched battle in the English Civil War ... https://en.wikipedia.org/wiki/Battle_of_Edgehill

      1. Anonymous Coward
        Anonymous Coward

        Re: Classified TV drama

        ... as "Bull Run" was the first battle of the American Civil War. Either 'they' know who their real enemy is, or someone with a perverse sense of humour is pulling the tail of the propeller/tinfoil hatted and anyone else with the most tenuous grasp of history.

        It must all look very omniscient and testosteronally powerful now to the NSA + friends, but then I'm sure the Stasi felt that same sense of invulnerability before their files were opened. History has a habit of biting back in the long run.

  5. Anonymous Coward
    Anonymous Coward

    What I like about all this NSA & GCHQ fiasco is that PRISM has been used to destroy British jobs in favor of US jobs ... I know from reliable sources, top execs, that a big aircraft manufacturer has lost some deals due to PRISM intelligence ... the aircraft manufacturer employs Brits in the UK. It also makes the Brits look like traitors to other EU countries - not that most Brits really care.

    Sorry for the sad news, Tommies...

    1. Anonymous Coward
      Anonymous Coward

      that a big aircraft manufacturer has lost some deals due to PRISM intelligence

      What do you expect? Only a naive British politician would think that the special relationship was bidirectional. And Boeing is part of the MIC that Eisenhower warned about.

      Interesting how Ed Miliband can suddenly become popular by saying "no" to the Americans (who are now trying to humiliate us abroad). Given Farage jumping on the bandwagon (and then claiming to have started it) I do wonder whether anti-Americanism is going to spread from the Middle East to Britain, and feature in the next election.

  6. Anonymous Coward
    Anonymous Coward

    Skype

    I found it odd at the time that Microsoft spent so much on Skype. Did the NSA twist their arm a bit to bring it under US control?

    1. Dan 55 Silver badge

      Re: Skype

      eBay wasn't under US control?

      Although MS can do so much more with it (include it in everything).

  7. T. F. M. Reader Silver badge

    Solutions?

    I never regarded, say, SSL as secure. Nothing that is based on trusting a third party - or a chain thereof - can be secure. Those third parties can be compromised. It sounds like *open source* PGP/GPG implementations are still secure (modulo heretofore unknown bugs), but only if you encrypt/decrypt on a completely air-gapped computer, sneakernet the encrypted stuff to/from a connected machine, and send/receive from there.

    Even in that case the "adversaries" will still have the metadata. Given how few of your normal correspondents would be willing (or capable) to go through the hassle and never, ever break the routine, you - both of you - are likely to be flagged as "persons of interest" simply for adhering to the procedure.

    Exchanging keys securely will remain a problem.

    Travel will be very complicated, too - a new pair of computers each time you are stopped at Heathrow?

    Is there a way out at all besides dropping off the grid?

    I repeat the assertion I think I made in these forums once or twice before: laws must be enacted - in those countries where there remains some semblance of an influence by citizens on lawmakers - to make wholesale surveillance without a specific target supported by a judicial warrant completely illegal and severely punishable. We should not be worried about the negative impact on terrorism prevention - terrorism is not a serious threat to begin with, and is incomparable with the threat to privacy that we are all facing.

    If anyone invents a way to read my mind from a distance that should be made illegal, too. I insist.

    1. arkhangelsk

      Re: Solutions?

      We think along similar lines - the problem is that what's doing it is an agency. Even if you do somehow catch them, they would blur the lines of responsibility enough that you won't be able to identify one or a few people to indict, or if that starts to fail in the best, best case they'll throw up some midrank guy senior enough to be vaguely plausible but not powerful enough to resist or be the Real Culprit (he's following orders himself).

      What do you think of my idea of making agencies truly accountable (as in actually making them bleed) for violations?

      1. T. F. M. Reader Silver badge

        Re: Solutions?

        An agency cannot be sent to prison, obviously. I think we, as a society, should strive to create a moral and legal environment that will make wholesale surveillance unacceptable. I do think that most of the people at NSA and GCHQ are decent and moral, and I do think that they do a very important job for their countries. Quite a few of them could probably get high-paying jobs elsewhere but their somewhat old-fashioned but commendable values and loyalties tell them that their work is important and worthwhile.

        At the moment, the PRISMs and the Bullruns and the Edgehills are deemed perfectly legal and within the ambit of the agencies' chartered activities, and it is a big step indeed for people who are fundamentally loyal to their countries and their colleagues to betray the loyalty and the oaths and to break the law and do what Snowden did.

        Now, the real problem with the wholesale hoovering up the data and metadata is the possibilities of abuse. Those possibilities are numerous, inevitable, and exist at different levels, from personal to political. Imagine that both the accepted morals and the laws say that if you - a government employee - engage in mass (or targeted, but unauthorized) collection of data (just gathering, not "collection" as defined by Mr Clapper) you are a crook breaking the law, and the agency responsible for national security is not supposed to do it because the activity is actually detrimental to the general security of society. I would hope that it would not be easy to engage in such illegal activities inside spy agencies most of whose employees are not crooks but decent, moral people.

        The above hope may be naive, but it seems to me to be the only hope. If the society and national security agencies are fundamentally indecent and immoral then off the grid we should go, don't you think?

  8. collinsl
    FAIL

    Ironic Much?

    To the bottom-right of this article is an ad for...

    GCHQ recruitment.

    Ironic much?

  9. Guillermo Lo Coco

    Do you remember when kernel.org went down ?

    I start to think about some intrusion & modification in some parts (rnd,crypto,..) to make it in some way nsa-backdoored.

    A kind of such attack will be planned long time before to make sure md5 not fail revealing what was modified.

  10. Mystic Megabyte Silver badge

    Paypal and Mailpile

    I presumed that PayPal was leaned on by the spooks to hinder the Mailpile project but in an update they have released the money.

    I will be looking for alternative payment methods regardless.

    http://arstechnica.com/business/2013/09/paypal-freezes-45000-of-mailpiles-crowdfunded-dollars/

    As for the NSA/GCHQ situation it all sounds good if you have an accountable government but not if a tyrant takes control. Then you will have the Gestapo with unlimited power to search for and locate you.

    The problem is that we do not really have accountable governments, it just appears to be.

  11. Anonymous Coward
    Anonymous Coward

    Who Exactly is Freaking Out About This?

    I suppose a lot of people do care (I do), but to be honest this isn't exactly an issue my friends are discussing on Facebook. I wonder how much ordinary people feel affected by this? I get the impression most people (despite the media coverage) either think it is a good thing (& trust the government to use it to catch the bad guys) or don't know or care enough. I think you will find every country in the world does this on some level & that it has gone on for a long time. They would want to keep it secret but now it is out in the open I don't think the whole world is going paranoid. Actually there seems to have been rather a muted reaction (though it may be to do with the fact most British newspapers are ignoring it, either because of government request or because they're not as hysterical about it as the Guardian seem).

    1. Justicesays
      Megaphone

      Re: Who Exactly is Freaking Out About This?

      I'm not sure what country you live in.

      From my POV, GCHQ, my own country's spy agency, knows that almost every COTS encryption used by the British Government, its commercial industries, and by influential people from every walk of life (including MPs) is worthless when used against the NSA (and anyone else who has discovered those back doors via leaks or investigation).

      In the meantime, the NSA watches on as the GCHQ develop the capability to hack large US providers.

      And then what?

      Teams of Americans in the US spying wholesale on everyone of interest in the UK. If they spot any illegal activities by a pleb they flag that up to GCHQ who then go get a warrant (if they still need those). If what they spot is commercially sensitive or potential blackmail material on someone of importance, then they pass that onto the Department of Commerce, or squirrel it away for later use. After all, you never know when you might need a bit more leverage on a British MP (or PM).

      And of course, let's have the GCHQ perform a similar role for the NSA, except that the GCHQ capability is much more limited and apparently not yet completed. And I'm guessing some quiet words have been had with people in positions of actual power in the US about what not to use. I'm not sure we can say the same about British MPs etc.

      Maybe the NSA revealed this on the proviso that GCHQ wouldn't tell anyone about it, but "promised" not to spy on any non-terrorists in the UK. And if the US gives you a dollar and a promise, well, at least you got a dollar.

      In summary, these spy agencies are colluding with each other to spy indirectly on their own citizens, and don't give a shit about the implications of this for their own citizens' security. And as the relationship appears to be a lot more weighted towards the US, it's the UK that is getting screwed over the most.

      Next time we go to war with someone at the US's behest, ask yourself if that decision was influenced by some private bit of embarrassing data somewhere that would make sure someone would never be elected again if it came out.

      And of course you don't have to take the step of blackmailing people in most cases. If you feel someone might not be suitable in a certain position, and would likely go public to reveal the blackmail rather than roll over, then just leak the info anyway, to the press or their party/company. Then watch them vanish, leaving the way open for someone more palatable.

      1. ian 22

        Re: Who Exactly is Freaking Out About This?

        NSA and GCHQ colluding? See UKUSA (http://en.wikipedia.org/wiki/UKUSA_Agreement). This is old stuff, and almost obviated by the PATRIOT act.

  12. Rab Sssss

    well considering

    that gathering electronic intel is their job, working on breaking encryption is something they should be doing.

    This however in no way excuses abusing access, two different things.

  13. miket82

    McCarthy

    Here we go again.

  14. Arachnoid

    Yet despite all this

    The world still is a dangerous place so what actual real effect does this all have on real life?

  15. Grahame 2

    Bull Run & Edgehill - Civil War?

    Interesting choice of code names. Bull Run, major early battle of American Civil War. Edgehill, major early battle of English Civil War.

    I think that gives us some insight into whom our respective intelligence agency perceive as the enemy.

    1. This post has been deleted by its author

    2. David Pollard

      Re: Bull Run & Edgehill

      Does the use of Edge Hill as a codename imply that GCHQ only does partial decryption?

      http://www.urbandictionary.com/define.php?term=get%20off%20at%20edge%20hill

    3. Intractable Potsherd Silver badge

      Re: Bull Run & Edgehill - Civil War?

      I'd spotted the Edgehill significance, but didn't know about Bullrun. Thanks for the information, though it doesn't make me any happier ...

  16. Michael Habel Silver badge

    I find this about as much of a revelation that, the Sky is still Blue, and the NSA is spying on you.

    1. SD24576

      I guess the knowledge of backdoors in common encryption products etc does reiterate the importance and value of open source software.

  17. Wulfy

    Private circuits

    No such thing as private circuits. I've been to the main BT comms center and they were working on bypassing and monitoring secure traffic years back, and quite proud they could see a lot of encrypted content, and would happily hand over any data requested via the legal channels, so this stuff isn't new at all.

  18. Zot

    Neighbourhood has a 'u' in it.

    I thought this was a UK site?

    1. jake Silver badge

      @Zot (was: Re: Neighbourhood has a 'u' in it.)

      You thought wrong, but enjoy your bliss.

    2. This post has been deleted by its author

  19. M7S

    I think Infosec next year will be very interesting

    as vendors of systems try to work out how to prove absolutely that their systems are compromised neither by design (collaboration/back door) nor theft (of the key, difficult at the best of times) nor cracking (insecure/defective standards etc). After all that's what they're trying to sell us so that we can assure our own bosses/customers that we as IT departments are being diligent.

    I expect to see an awful lot of "we would comply with any lawful request/court order and cannot comment further" type statements to be boilerplated onto their responses, which in light of recent articles should be treated with the contempt they deserve.

    Other interesting consequences of this might be that if the companies/products/technologies are named and (if appropriate) shamed, then as well as a possible drop in sales, there might be some legal actions for refunds from past customers or even possibly, if a key has been (as is alleged) stolen from a security product vendor by the NSA or at least obtained in a less than honest manner (I've no idea of the points to prove in the USA for their equivalent of theft) then maybe there will be a case by a vendor for damages against the NSA (even if only for "damage to reputation"), although given how retrospective legislation apparently allowed the warrantless wiretapping to be swept under the carpet, I'm not exactly holding my breath.

  20. John Smith 19 Gold badge
    Unhappy

    And yet still impossible to crack Sky Digital.

    Seems like its developers knew WTF they were doing

    1. A J Stiles
      Coat

      Re: And yet still impossible to crack Sky Digital.

      Oh, it's possible alright. But everyone who ever did it somehow disappeared mysteriously.

  21. This post has been deleted by its author

  22. Anonymous Coward
    Anonymous Coward

    Trustwave were doing MITM commercially in 2012

    F* knows how long the CAs have been doing it for gov/law enforcement

    http://www.theregister.co.uk/2012/02/09/tustwave_disavows_mitm_digital_cert/
