Category: NSA

Aug 21 2015

NSA preps quantum-resistant algorithms to head off crypto-apocalypse

The National Security Agency is advising US agencies and businesses to prepare for a time in the not-too-distant future when the cryptography protecting virtually all e-mail, medical and financial records, and online transactions is rendered obsolete by quantum computing.

Quantum computers have capabilities that can lay to ruin all of the public-key cryptographic systems currently in use. These capabilities, which aren't known to be present in the classical computers of today, include the ability to almost instantly find the prime factors of extremely large numbers, using a method called Shor's algorithm. Quantum computing is also believed to be capable of tackling other mathematical problems classical computers can't solve quickly, including computing discrete logarithm mod primes and discrete logs over elliptic curves.

The difficulty of factoring and computing discrete log primes and elliptic curve discrete logs play an essential role in cryptographers' confidence in RSA, elliptic curve cryptography, and other public-key crypto systems. When implemented correctly, most scientists and cryptographers believe that the crypto can't be defeated with today's computers before the end of the universe.

Read 11 remaining paragraphs | Comments

Aug 11 2015

The NSA Playset: Espionage tools for the rest of us

When Der Spiegel and Jacob Appelbaum published leaked pages of the National Security Agency's ANT Catalog—the collection of tools and software created for NSA's Tailored Access Operations (TAO) division—it triggered shock, awe, and a range of other emotions around the world. Among some hardware hackers and security researchers, it triggered something else, too—a desire to replicate the capabilities of TAO's toolbox to conduct research on how the same approaches might be used by other adversaries.

In less than 18 months since the catalog's leak, the NSA Playset project has done just that. The collection boasts over a dozen devices that put the power of the NSA's TAO into the hands of researchers. Project creator Michael Ossmann—a security researcher, radio frequency hardware engineer, and founder of Great Scott Gadgets—detailed the tools at a presentation during the Black Hat conference in Las Vegas last week, and he talked with Ars more about it this past weekend at DEF CON 23.

Many of the software components of the 50-page ANT catalog were things that had already been developed by security researchers. Some of the discovered capabilities appeared to stem from off-the-shelf hardware (or its equivalent) and software similar to existing tools; they were simply combined in a package suitable for spy work. But other pieces of hardware in the NSA's catalog appeared to have no openly available equivalent—such as wireless bugs planted in computer cables or connectors. Some of those bugs were radio "retro-reflectors," wiretaps that only broadcast data when hit by a directed radio signal. (It's similar in concept to "The Thing"—the infamous bug Soviet spies planted inside the US Embassy in Moscow.)

Read 6 remaining paragraphs | Comments

Jul 22 2015

Obama administration decides not to blame China publicly for OPM hack

US government officials are nearly certain that the Chinese government was involved in the theft of sensitive personal information about millions of government employees, members of the US military, and employees of government contractors requiring background checks or security clearances from the systems of the Office of Personnel Management. But according to a report by the Washington Post, the Obama administration has decided to not publicly and officially call out China for the attack—in part because it might require the administration to reveal some of the US' hacking of China to make the case, and expose other information intelligence and warfare capabilities of the National Security Agency, Department of Homeland Security, and FBI.

Ellen Nakashima, the Post's national security reporter, citied anonymous conversations with officials involved with the White House's decision-making process surrounding the OPM, and reported that the administration "has not ruled out economic sanctions or other punitive measures" for the theft of data from OPM. But US officials, including Director of National Intelligence James Clapper, have "even expressed grudging admiration for the OPM hack, saying US spy agencies would do the same against other governments," she reported.

Part of the calculus that went into the decision, one official told Nakashima, was that “we don’t see enough benefit in doing the attribution at this point to outweigh whatever loss we might [experience] in terms of intelligence-collection capabilities.” Another official said that the White House might opt to simply put sanctions in place under other justifications, and then privately communicate to the Chinese government that the sanctions were in fact in retaliation for the OPM hack.

Read 2 remaining paragraphs | Comments

Jul 01 2015

WikiLeaks: New intelligence briefs show US spied on German leader

On Wednesday, WikiLeaks published two new top-secret National Security Agency briefs that detail American and British espionage conducted against German leaders as they were discussing responses to the Greek economic crisis in 2011.

The organization also published a redacted list of 69 German government telephone numbers that were targeted for snooping. That list includes Oskar Lafontaine, who served as German finance minister from 1998 to 1999, when the German government was still based in Bonn—suggesting that this kind of spying has been going on for over 15 years at least.

As with the recent documents concerning NSA spying against France, WikiLeaks did not explain how it obtained the documents. However, it did share them with Greek, French, and German-language media, which all published them simultaneously on Wednesday evening, Europe time.

Read 9 remaining paragraphs | Comments