Just How Far the NSA Gets Into Your Stuff
DayPage – I’m Rex Latchford… more leakage from the NSA’s exiled contractor Edward Snowden. Published in the NY Times and the Guardian. The extent to which the Government has broken encryption methods used routinely on the Internet, and devised how to do so in real time has been known for some time by many, but as with previous revelations, the NSA’s own documents are more convincing to skeptics and provide some previously only suspected detail.
The entire list of how the details of NSA’s cryptanalysis for snooping Internet and other electronic data has been published by The Guardian’s website, theguardian.com, as images of documents marked “Top Secret”.
The Guardian writes:
The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments. The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.
Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves. Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.
Suggesting how to deal with this new information, and the new world of Total Global Surveillance in which we find ourselves, the Guardian writes:
The primary way the NSA eavesdrops on internet communications is in the network. That’s where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.
Leveraging its secret agreements with telecommunications companies – all the US and UK ones, and many other “partners” around the world – the NSA gets access to the communications trunks that move internet traffic. In cases where it doesn’t have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.
That’s an enormous amount of data, and the NSA has equivalently enormous capabilities to quickly sift through it all, looking for interesting traffic. “Interesting” can be defined in many ways: by the source, the destination, the content, the individuals involved, and so on. This data is funneled into the vast NSA system for future analysis. The NSA collects much more metadata about internet traffic: who is talking to whom, when, how much, and by what mode of communication. Metadata is a lot easier to store and analyze than content. It can be extremely personal to the individual, and is enormously valuable intelligence.
The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you’re running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.
That’s it for today’s DayPage, and there will be more in future DayPages. All monitored, of course, by the NSA. Daypage is produced by Peter Patriot. The Producer is Minka Bito. It’s a production of radio infoweb. [REDACTED] …even though nothing is safe. We’ll see you on the next DayPage…