NSA’s pipe dream: Weakening crypto will only help the “good guys”

Ever since Edward Snowden began leaking National Security Agency (NSA) secrets earlier this year, President Obama has insisted that they weren't "whistle blowing" in any useful sense because they didn't reveal any abuses. Instead, they simply revealed secret programs that were:

  • Operating with rigorous NSA oversight and without real problems;
  • Extensively vetted by the secret Foreign Intelligence Surveillance Court (FISC);
  • In compliance with US law, which didn't need any significant changes; and
  • Generally speaking, a good idea.

For instance, here was Obama at an August 9 press conference at the White House, answering a couple of questions from journalists about the NSA's programs.

And if you look at the reports, even the disclosures that Mr. Snowden's put forward, all the stories that have been written, what you're not reading about is the government actually abusing these programs and, you know, listening in on people's phone calls or inappropriately reading people's e-mails. What you're hearing about is the prospect that these could be abused. Now part of the reason they're not abused is because they're—these checks are in place, and those abuses would be against the law and would be against the orders of the FISC.

As for any needed changes, they were minor. Obama's team already made some small modifications of its own—"some bolts needed to be tightened up on some of the programs," was how he put it. His changes involved things like more "compliance officers." But the programs and the laws they rested on were fine. Still, in the spirit of having a "discussion," Obama agreed that "people may want to jigger slightly short of the balance between the information that we can get versus the incremental encroachments on privacy" that might be possible "in a future administration or as technology's developed further." (Remember, everything now is fine!)



NSA attains the Holy Grail of spying, decodes vast swaths of Internet traffic

The National Security Agency (NSA) and its British counterpart have successfully defeated encryption technologies used by a broad swath of online services, including those provided by Google, Facebook, Microsoft, and Yahoo, according to new reports published by The New York Times, ProPublica, and The Guardian. The revelations, which include backdoors built into some technologies, raise troubling questions about the security that hundreds of millions of people rely on to keep their most intimate and business-sensitive secrets private in an increasingly networked world.

The reports, published simultaneously by the NYT, ProPublica, and The Guardian, are based on newly disclosed documents provided by former NSA contractor Edward Snowden. They reveal a highly classified program codenamed Bullrun, which according to the reports relied on a combination of "supercomputers, technical trickery, court orders, and behind-the-scenes persuasion" to undermine basic staples of Internet privacy, including virtual private networks (VPNs) and the widely used secure sockets layer (SSL) and transport layer security (TLS) protocols.

"For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies," the NYT reported, quoting a 2010 memo describing a briefing of NSA capabilities to employees of the Government Communications Headquarters, or GCHQ. "Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."



Snoops can identify Tor users given enough time, experts say

A recent academic paper (PDF) shows “that Tor faces even greater risks from traffic correlation than previous studies suggested.” In other words, one of the world’s best tools for keeping online speech anonymous is at risk in a previously known—but now even clearer—fashion.

In the wake of a recent uptick of Tor usage (whether from a botnet or from people inspired by former National Security Agency [NSA] contractor Edward Snowden), a reminder of these risks is certainly germane to today’s Internet.

The new research has shown that a potential adversary with control of Internet Exchange Points (IXPs) or autonomous systems (ASes) that have large-scale network control (like an ISP) could expose and identify a Tor user, given enough time.



Sudden spike of Tor users likely caused by one “massive” botnet

Researchers have found a new theory to explain the sudden spike in computers using the Tor anonymity network: a massive botnet that was recently updated to use Tor to communicate with its mothership.

Mevade.A, a network of infected computers dating back to at least 2009, has mainly used standard Web-based protocols to send and receive data to command and control (C&C) servers, according to researchers at security firm Fox-IT. Around the same time that Tor Project leaders began observing an unexplained doubling in Tor clients, Mevade overhauled its communication mechanism to use anonymized Tor addresses ending in .onion. In the week that has passed since Tor reported the uptick, the number of users has continued to mushroom.

"The botnet appears to be massive in size as well as very widespread," a Fox-IT researcher wrote in a blog post published Thursday. "Even prior to the switch to Tor, it consisted of tens of thousands of confirmed infections within a limited amount of networks. When these numbers are extrapolated on a per country and global scale, these are definitely in the same ballpark as the Tor users increase."
