http://www.wired.com/threatlevel/2013/09/nsa-backdoored-and-stole-keys/
By Kim Zetter
Threat Level
Wired.com
09.05.13
It was only a matter of time before we learned that the NSA has managed to
thwart much of the encryption that protects telephone and online
communication, but new revelations show the extent to which the agency,
and Britain’s GCHQ, have gone to systematically undermine encryption.
Without the ability to actually crack the strongest algorithms that
protect data, the intelligence agencies have systematically worked to
thwart or bypass encryption using a variety of underhanded methods,
according to revelations published by the New York Times and Guardian
newspapers and the journalism non-profit ProPublica, based on documents
leaked by NSA whistleblower Edward Snowden.
These methods, part of a highly secret program codenamed Bullrun, have
included pressuring vendors to install backdoors in their products to
allow intelligence agencies to access data, and obtaining encryption keys
by pressuring vendors to hand them over or hacking into systems and
stealing them.
Most surprising, however, is the revelation that the agency has worked to
covertly undermine the encryption standards developers rely upon to build
secure products. Undermining standards and installing backdoors don’t just
allow the government to spy on data but create fundamental insecurities in
systems that would allow others to spy on the data as well.
“The encryption technologies that the NSA has exploited to enable its
secret dragnet surveillance are the same technologies that protect our
most sensitive information, including medical records, financial
transactions, and commercial secrets,” Christopher Soghoian, principal
technologist of the ACLU’s Speech, Privacy and Technology Project, said in
a statement about the revelations. “Even as the NSA demands more powers to
invade our privacy in the name of cybersecurity, it is making the internet
less secure and exposing us to criminal hacking, foreign espionage, and
unlawful surveillance. The NSA’s efforts to secretly defeat encryption are
recklessly shortsighted and will further erode not only the United States’
reputation as a global champion of civil liberties and privacy but the
economic competitiveness of its largest companies.”
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
