The Encryption Tools the NSA Still Can't Crack Revealed in New Leaks

[rgray222]

Most of us—at least the cynical ones—assume that the NSA has probably beaten most of the encryption technologies out there. But a new report from Der Spiegel that draws on documents from Edward Snowden's archive shows that this simply isn't true. There are some tools that the NSA, as recently as two years ago, couldn't crack.


Source: Shield Spirit

"[Some users] think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program," explains the report. "This isn't true." In fact, there are several encryption technologies that gave the NSA trouble. First of all, the documents show that the NSA had "major" issues trying to break the encryption on both Tor and Zoho, the email service. Truecrypt, the now-defunct freeware service for encrypting files on your computer, was another thorn in the NSA's side, along with Off-the-Record, which encrypts instant messages.

Another good tool mentioned is Pretty Good Privacy, which is shocking given that the protocol is two decades old, originally written in 1991. But there are also combinations of tools that the NSA describes as "catastrophic" when attempting to crack. Here's how Der Spiegel describes the special sauce:

Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.

There are also plenty of seemingly secure services that the report shows are easy for the NSA to monitor, just as you might already assume—including VPNs and the HTTPS connections that many of us see on a daily basis when logging into banking sites and other supposedly "secure" websites. According to the report, the NSA intercepted 10 million of those https connectionsevery day in 2012.

Then there are the details about how the NSA proactively fights encryption online, including attending meetings of groups that create the standards for encryption, like the Internet Engineering Task Force. This way, the NSA can influence—and water down—the internet-wide standards for privacy in a much longer-term way. In one of the more ironic sections of the new documents, we learn that while the NSA is responsible for recommending the best security standards to the US National Institute of Standards and Technology, at the same time it is looking for ways to break the tools it recommends.

It's a harrowing new look at the NSA's encryption-breaking prowess, but at the same time, a heartening glimpse of the freely available tools that still provide a modicum of privacy. More than anything, it's a reminder that the NSA is throwing all its weight into cracking these protocols—and none of us can ever assume that a single encryption tool is truly private. The entire report is well worth a read. [Der Spiegel]

Source: ShieldSpirit

[bbj3n546pt]

rgray222:

This article and the information that the article references is excellent. Well done.

[Hervé]

NSA broke encryption on numerous 'high potential' VPN's, including Al Jazeera, Iraqi military and airlines

Micah Lee The Intercept
Wed, 15 Aug 2018 14:09 UTC

The National Security Agency successfully broke the encryption on a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document.

A virtual private network, or VPN, uses an encrypted connection to enable users to go over the internet and connect to a private network, such as a corporate intranet. This allows an organization's staff to access internal services like file-sharing servers or private wikis without having to physically be in the office.

The NSA's ability to crack into sensitive VPNs belonging to large organizations, all the way back in 2006, raises broader questions about the security of such networks. Many consumers pay for access to VPNs in order to mask the origin of their internet traffic from the sites they visit, hide their surfing habits from their internet service providers, and to protect against eavesdroppers on public Wi-Fi networks.

The fact that the NSA spied on Al Jazeera's communications was reported by the German newsmagazine Der Spiegel in 2013, but that reporting did not mention that the spying was accomplished through the NSA's compromise of Al Jazeera's VPN. During the Bush administration, high-ranking U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of having an anti-American bias, including because it broadcasted taped messages from Osama bin Laden.

At the time, Al Jazeera defended itself against this criticism, insisting that its reporting was objective.

"Osama bin Laden, like it or not, is a party to this present crisis," news editor Ahmed Al Sheikh told the BBC in 2001.

"If we said that we were not going to allow him the air time, then we would have lost our integrity and objectivity and our coverage of the story would have become unbalanced."

According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by airline reservation systems Iran Air, "Paraguayan SABRE," Russian airline Aeroflot, and "Russian Galileo." Sabre and Galileo are both privately operated, centralized computer systems that facilitate travel transactions like booking airline tickets. Collectively, they are used by hundreds of airlines around the world.

In Iraq, the NSA compromised VPNs at the Ministries of Defense and the Interior; the Ministry of Defense had been established by the U.S. in 2004 after the prior iteration was dissolved. Exploitation against the ministries' VPNs appears to have occurred at roughly the same time as a broader "all-out campaign to penetrate Iraqi networks," described by an NSA staffer in 2005.

"Although VPNs pose special challenges for SIGINT (signals intelligence) collection and processing, we've recently had notable success in exploiting these communications," wrote the author of the document, an article for the internal NSA news site SIDtoday. The author added that the NSA's Network Analysis Center had been focusing on "VPN SIGINT Development (SIGDev) for over three years now, and the investment is paying off!" The article does not say what VPN technology any of the targets used, nor does it give any technical details on how the NSA broke the encryption on them.

The technical details that describe how the NSA exploits VPNs are a closely-guarded secret, according to another SIDtoday article, from December 2006. "Exploiting VPNs makes use of some of the newest state-of-the-art techniques," the article stated, "and because of this, the exploitation details are held closely and generally not available to field sites." The author went on to describe a tool called VIVIDDREAM that lets analysts who discover new VPNs test whether the NSA has the capability to exploit it, all without revealing to the analyst any sensitive information about how the exploit works.

Documents provided to news organizations by Snowden do not conclusively list which VPN technologies have been compromised by the NSA and which have not. However, there have been a number of news reports about the NSA's VPN hacking capabilities based on these documents, and cryptographers who have reviewed them have come up with some educated guesses.

In 2014, The Intercept reported on the NSA's plans, dated August 2009, to use an automated system called TURBINE to covertly infect millions of computers with malware. The revelations described a piece of NSA malware called HAMMERSTEIN, installed on routers that VPN traffic traverses. The malware was able to forward VPN traffic that uses the IPSec protocol back to the NSA to decrypt. However, the documents did not explain precisely how the decryption occurred.

Later that year, Der Spiegel published 17 documents from the Snowden archive related to the NSA's attacks against VPNs, many of them providing more details about TURBINE, HAMMERSTEIN, and related programs.

There are many different VPN protocols in use, some of them known to be less secure than others, and each can be configured in ways to make them more or less secure. One, Point-to-Point Tunneling Protocol, "is old and insecure and there are a bunch of known security vulnerabilities since forever," Nadia Heninger, cryptography researcher at the University of Pennsylvania, told me in an email. "I would not at all be shocked if these were being exploited in the wild."

The NSA also appears to have, at least in some situations, broken the security of another VPN protocol, Internet Protocol Security, or IPSec, according to the Snowden documents published by The Intercept and Der Spiegel in 2014.

"For both TLS and IPsec, there are both secure and insecure ways of configuring these protocols, so they can't really be labeled as blanket 'secure' or 'insecure,'" Heninger explained.

"Both protocols offer a zillion configurable options, which is a source of a lot of the published protocol-level vulnerabilities, and there are cipher suites and parameter choices for both protocols that are definitely known to be cryptographically vulnerable."

Still, she was "pretty confident" that there are ways to configure TLS and IPsec that "should resist all known attacks."

Another possibility is that the NSA figured out how to break the encryption on VPNs without even using cryptography.

"I should also note that we've seen a lot of hardcoded credentials and other software vulnerabilities get found in various VPN implementations, which would enable a bunch of boring noncryptographic attacks like just running a script on an end host to exfiltrate login credentials or other data as desired. This is the kind of thing that most of the Shadow Brokers tools were actually doing," Heninger said, referring to the cache of post-Snowden NSA exploits and hacking tools that were published on the internet in 2016 and 2017.

In 2015, Heninger and a team of 13 other cryptographers published a paper, titled "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice," that revealed major weaknesses in the security of several of the internet's most popular protocols. Their paper described a new attack called Logjam and concluded that it was within the resources of a nation-state to use this attack to compromise 66 percent of all IPSec VPNs.

"A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break," the authors speculated.

The NSA declined to comment for this story.




Related:

• Snake-oil alert: Encryption doesn't prevent mass-snooping

• Leaked: NSA wants to build quantum computer that could break nearly any kind of encryption

• Every man, woman and child: Why NSA surveillance is worse than you've ever imagined