NSA’s ‘Secret War on Encryption’ Exposed

By Tiffany Trader

September 9, 2013

Documents made public by former intelligence analyst Edward Snowden reveal that the National Security Agency (NSA) has thwarted or circumvented many of the privacy safeguards of the Internet as part of a highly classified program codenamed Bullrun.

“The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion,” stated The New York Times piece, a collaborative reporting endeavor between The New York Times, Britain’s Guardian newspaper and the nonprofit news website ProPublica.

“The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show,” the article continued.

The Times piece asserts that after the government lost a 1990s campaign to place a back door in all encryption software, it set out to achieve the same goal using a variety of covert tactics, codified in the top secret Bullrun program.

The agency built ultra-powerful supercomputers, customized for code breaking, and also established clandestine relationships with technology companies to insert secret access points in their products. Some of these (unnamed) companies, according to the report, say they were forced to cooperate, compelled by court orders and silenced by gag orders.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” notes a 2010 memo describing the NSA activities to employees of its British equivalent, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

Another financial-related memo provides further evidence still:

“We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” wrote the director of national intelligence, James R. Clapper Jr., in his budget request for the current year.

So does this mean that encryption software is pointless? This is definitely not the case, according to cryptography professionals interviewed by MIT Technology Review. The algorithms themselves are secure, and this fact is precisely why the NSA had to engage in workarounds such as obtaining master encryption keys and installing back door access.

“The whole leak has been an exercise in ‘I told you so,’ ” says Stephen Weis, CEO of server encryption company PrivateCore, who previously worked as a security expert at Google. “There doesn’t seem to be any kind of groundbreaking algorithmic breakthrough, but they are able to go after implementations and the human aspects of these systems.”

Snowden himself said that “properly implemented strong crypto systems are one of the few things you can rely on.”

While the NSA used supercomputers to crack weaker encryption schemes, if it truly had the power to break higher-bit encryption, it would not have had to force companies to enable a peak behind the curtains.

After a careful analysis of the source documents used in the Times report, security expert Bruce Schneier wrote in the Guardian that people should still “trust the math” that undergirds cryptography.

Still, the Times report makes it clear that just because a communication is encrypted does not mean that it is secure. MIT Technology Review points out a few countermeasures, such as a technique called perfect forward in which keys aren’t reused. Several companies, including Google, have employed this approach.

As for the NSA’s use of supercomputers to break codes, this is not really news. Code-breaking has been part of the agency’s mission since it launched (secretly, natch) in 1952. “The problem,” according to The New York Times’ Nicole Perlroth, “is now it’s no longer targeted.” Instead of just honing in on the bad guys, the focus is on everyday communications.

As supercomputers become more powerful, they can break more complex codes. The most commonly used encryption, SSL, relies on the trusted RSA encryption algorithm with mathematical keys 1,024 bits long. Experts caution that longer keys are needed to guard against the code breaking resources of the government or a large business.

Tom Ritter, a cryptographer with iSec Partners, states that “RSA 1024 is entirely too weak to be used anywhere with any confidence in its security.”

Security professionals have been banging the drum for stronger security protocols, but companies have been slow to act. Facebook and Google, for example, just recently switched to a stronger encryption scheme.

With the Times report, now there is hard evidence where previously there were only strong suspicions. Companies can beef up their encryption, but that still leaves the other aspects of the revelations, the “behind-the-scenes persuasion,” the back doors and secret vulnerabilities.

On one side, intelligence agencies claim that deciphering encryption is crucial to counter-terrorism, while security experts, like Schneier argue that “cryptography forms the basis for trust online.”

“By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet,” remarks Schneier.

Related Items

NSA Expands Academic Cyber Initiative

DOE Supercomputer Hack Results in Guilty Plea

Blue Waters: Security at Scale

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

InfiniBand Still Tops in Supercomputing

July 19, 2018

In the competitive global HPC landscape, system and processor vendors, nations and end user sites certainly get a lot of attention--deservedly so--but more than ever, the network plays a crucial role. While fast, perform Read more…

By Tiffany Trader

HPC for Life: Genomics, Brain Research, and Beyond

July 19, 2018

During the past few decades, the life sciences have witnessed one landmark discovery after another with the aid of HPC, paving the way toward a new era of personalized treatments based on an individual’s genetic makeup Read more…

By Warren Froelich

WCRP’s New Strategic Plan for Climate Research Highlights the Importance of HPC

July 19, 2018

As climate modeling increasingly leverages exascale computing and researchers warn of an impending computing gap in climate research, the World Climate Research Programme (WCRP) is developing its new Strategic Plan – and high-performance computing is slated to play a critical role. Read more…

By Oliver Peckham

HPE Extreme Performance Solutions

Introducing the First Integrated System Management Software for HPC Clusters from HPE

How do you manage your complex, growing cluster environments? Answer that big challenge with the new HPC cluster management solution: HPE Performance Cluster Manager. Read more…

IBM Accelerated Insights

Are Your Software Licenses Impeding Your Productivity?

In my previous article, Improving chip yield rates with cognitive manufacturing, I highlighted the costs associated with semiconductor manufacturing, and how cognitive methods can yield benefits in both design and manufacture.  Read more…

U.S. Exascale Computing Project Releases Software Technology Progress Report

July 19, 2018

As is often noted the race to exascale computing isn’t just about hardware. This week the U.S. Exascale Computing Project (ECP) released its latest Software Technology (ST) Capability Assessment Report detailing progress so far. Read more…

By John Russell

InfiniBand Still Tops in Supercomputing

July 19, 2018

In the competitive global HPC landscape, system and processor vendors, nations and end user sites certainly get a lot of attention--deservedly so--but more than Read more…

By Tiffany Trader

HPC for Life: Genomics, Brain Research, and Beyond

July 19, 2018

During the past few decades, the life sciences have witnessed one landmark discovery after another with the aid of HPC, paving the way toward a new era of perso Read more…

By Warren Froelich

D-Wave Breaks New Ground in Quantum Simulation

July 16, 2018

Last Friday D-Wave scientists and colleagues published work in Science which they say represents the first fulfillment of Richard Feynman’s 1982 notion that Read more…

By John Russell

AI Thought Leaders on Capitol Hill

July 14, 2018

On Thursday, July 12, the House Committee on Science, Space, and Technology heard from four academic and industry leaders – representatives from Berkeley Lab, Argonne Lab, GE Global Research and Carnegie Mellon University – on the opportunities springing from the intersection of machine learning and advanced-scale computing. Read more…

By Tiffany Trader

HPC Serves as a ‘Rosetta Stone’ for the Information Age

July 12, 2018

In an age defined and transformed by its data, several large-scale scientific instruments around the globe might be viewed as a ‘mother lode’ of precious data. With names seemingly created for a ‘techno-speak’ glossary, these interferometers, cyclotrons, sequencers, solenoids, satellite altimeters, and cryo-electron microscopes are churning out data in previously unthinkable and seemingly incomprehensible quantities -- billions, trillions and quadrillions of bits and bytes of electro-magnetic code. Read more…

By Warren Froelich

Tsinghua Powers Through ISC18 Field

July 10, 2018

Tsinghua University topped all other competitors at the ISC18 Student Cluster Competition with an overall score of 88.43 out of 100. This gives Tsinghua their s Read more…

By Dan Olds

HPE, EPFL Launch Blue Brain 5 Supercomputer

July 10, 2018

HPE and the Ecole Polytechnique Federale de Lausannne (EPFL) Blue Brain Project yesterday introduced Blue Brain 5, a new supercomputer built by HPE, which displ Read more…

By John Russell

Pumping New Life into HPC Clusters, the Case for Liquid Cooling

July 10, 2018

High Performance Computing (HPC) faces some daunting challenges in the coming years as traditional, industry-standard systems push the boundaries of data center Read more…

By Scott Tease

Leading Solution Providers

SC17 Booth Video Tours Playlist

Altair @ SC17

Altair

AMD @ SC17

AMD

ASRock Rack @ SC17

ASRock Rack

CEJN @ SC17

CEJN

DDN Storage @ SC17

DDN Storage

Huawei @ SC17

Huawei

IBM @ SC17

IBM

IBM Power Systems @ SC17

IBM Power Systems

Intel @ SC17

Intel

Lenovo @ SC17

Lenovo

Mellanox Technologies @ SC17

Mellanox Technologies

Microsoft @ SC17

Microsoft

Penguin Computing @ SC17

Penguin Computing

Pure Storage @ SC17

Pure Storage

Supericro @ SC17

Supericro

Tyan @ SC17

Tyan

Univa @ SC17

Univa

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This