You Will Anyway: Internet Security and the NSA

Monday, December 29, 2014

Internet Security and the NSA

When Christmas approaches, the spies of the Five Eyes intelligence services can look forward to a break from the arduous daily work of spying. In addition to their usual job -- attempting to crack encryption all around the world -- they play a game called the "Kryptos Kristmas Kwiz," which involves solving challenging numerical and alphabetical puzzles. The proud winners of the competition are awarded "Kryptos" mugs.

Spiegel

KKK?

The number of Internet users concerned about privacy online has risen dramatically since the first Snowden revelations. But people who consciously use strong end-to-end encryption to protect their data still represent a minority of the Internet-using population. There are a number of reasons for this: Some believe encryption is too complicated to use. Or they think the intelligence agency experts are already so many steps ahead of them that they can crack any encryption program.

Not to mention the fact that if you are using a virtually uncrackable encryption program, the NSA that in itself will be a red flag for the NSA to start paying very close attention to you.

An NSA presentation for a conference that took place that year lists the encryption programs the Americans failed to crack.

[...]

Monitoring a document's path through the Internet is classified as "trivial." Recording Facebook chats is considered a "minor" task, while the level of difficulty involved in decrypting emails sent through Moscow-based Internet service provider "mail.ru" is considered "moderate." Still, all three of those classifications don't appear to pose any significant problems for the NSA.

Things first become troublesome at the fourth level. The presentation states that the NSA encounters "major" problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network*, which was developed for surfing the web anonymously. Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers. The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user's information.

[...]

The NSA also has "major" problems with Truecrypt, a program for encrypting files on computers. Truecrypt's developers stopped their work on the program last May, prompting speculation about pressures from government agencies. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Both are programs whose source code can be viewed, modified, shared and used by anyone. Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft.

No doubt.

Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.

ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal.

[...]

[Also,] PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack.

[...]

Given its use outside the United States, the US government launched an investigation into [PGP’s developer, Phil] Zimmermann during the 1990s for allegedly violating the Arms Export Control Act. Prosecutors argued that making encryption software of such complexity available abroad was illegal. Zimmermann responded by publishing the source code as a book, an act that was constitutionally protected as free speech.

The Spiegel article also cites supposedly secure communication protocols that aren’t: Skype, VPNs (virtual private networks), TLS, SSL, SSH and HTTPS.

So, now can we declare Spiegel a terrorist organization for revealing this information?

..but hey, do what you want...you will anyway.

Oh, by the way, Facebook is indexing all your posts.

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

"It takes only a bit of knowledge of history to realize how dangerous it is to think that the people who run the country know what they are doing." -- Howard Zinn

"It’s not about not having something to hide; it’s about having something to lose. What we lose when we’re under observation is our humanity...Rights are inherent to our nature, they’re not granted by governments, they’re guaranteed by governments. They’re protected by governments." -- Edward Snowden

"Terrorism is the willingness to kill large numbers of people for some presumably good cause.” -- Howard Zinn

"What we have is a foreign policy which is essentially a marketing strategy for selling weapons." -- Jill Stein

"We should always remember that the danger to societies from security services is not that they will spontaneously decide to embrace [Stasi style] mustache twirling and jackboots to bear us bodily into dark places, but that the slowly shifting foundation of policy will make it such that mustaches and jackboots are discovered to prove an operational advantage toward a necessary purpose.” ~ Edward Snowden

"America: just a nation of two hundred million used car salesmen with all the money we need to buy guns and no qualms about killing anybody else in the world who tries to make us uncomfortable." ~ Hunter S. Thompson

"Let me issue and control a nation's money and I care not who writes the laws." ~ Mayer Rothschild

"News is what somebody does not want you to print. All the rest is advertising." ~ LACUNA

"What matters in journalism isn't politics, which are as universal and inescapable as breathing. What matters -- along with a fundamentally adversarial attitude toward government, without which "journalism" is simply public relations -- is integrity, transparency, evidence, coherence, and principle. These are the principles on which we should evaluate the quality of journalism, and their absence is why some journalists are so desperate to get you to focus on something else." ~ Barry Eisler

"There is no inverse relationship between freedom and security. Less of one does not lead to more of the other. People with no rights are not safe from terrorist attack." ~ Molly Ivins

"The brain of our species is, as we know, made up largely of potassium, phosphorus, propaganda, and politics, with the result that how not to understand what should be clearer is becoming easier and easier for all of us." ~ James Thurber

"The highest patriotism is not a blind acceptance of official policy, but a love of one's country deep enough to call her to a higher plane....When you hold up your arm and swear to uphold the Constitution, you don’t say, 'Except in wartime.'" -- George McGovern

"I’ll believe that corporations are people when Texas executes one." ~ Bill Moyers

"When did hope become a political dynamic? Hope is right below wishful thinking and right above performing a rain dance on the scale of activity." ~ Rich Hall

Life, as Explained in "Rosencrantz & Guildenstern Are Dead"

GUILDENSTERN: What a fine persecution---to be kept intrigued without ever quite being enlightened.

------
ROSENCRANTZ : The only thing that makes it bearable is the irrational belief that somebody interesting will come on in a minute.

------
GUILDENSTERN: But for God's sake what are we supposed to do?!

PLAYER: Relax. Respond. That's what people do. You can't go through life questioning your situation at every turn.

GUILDENSTERN: But we don't know what's going on, or what to do with ourselves. We don't know how to act.

PLAYER: Act natural. You know why you're here at least.

GUILDENSTERN: We only know what we're told, and that's little enough. And for all we know it isn't even true.

PLAYER: For all anyone knows, nothing is. Everything has to be taken on trust; truth is only that which is taken to be true. It's the currency of living. There may be nothing behind it, but it doesn't make any difference so long as it is honoured. One acts on assumptions.

------
GUILDENSTERN : We act on scraps of information... sifting half-remembered directions that we can hardly separate from instinct.

------
PLAYER: Life is a gamble, at terrible odds-if it was a bet you wouldn't take it.