Much of the online encryption techniques used on the internet have little or no impact on the prying eyes of agents working for the US and UK governments, a new report in The Guardian reveals today.
If you thought your using online banking services, online shopping and email over home and mobile networks was private and secure, as we are often assured, you must now think again. We are informed that the NSA (National Security Agency) in the US and GCHQ, its UK counterpart, use a variety of methods to see through widely used internet encryption. Supercomputers are used to crack passwords and keys using ‘brute force’ techniques but perhaps more controversially many internet businesses have collaborated with the government agencies to place backdoors in commercial encryption software.
Hotmail, Google, Yahoo and Facebook
The ‘big four’ webmail service providers on the internet “Hotmail, Google, Yahoo and Facebook,” are all under the scrutiny of GCHQ which has been working to develop ways into the encrypted traffic from these sites.
Another technique to get access to encypted traffic is used by the NSA which spends money on a program which is intended to “covertly influence” technology company product designs to include backdoors.
Interestingly the NSA described a breakthrough in 2010 which allowed agents to break through some commonly used encryption which lead to “vast amounts of encrypted internet data which have up till now been discarded are now exploitable,” according to leaked GCHQ documents.
The name of this encryption cracking program is ‘Project Bullrun’ in the US but GCHQ’s project name is called ‘Edgehill’. Today’s Snowden document leak reveals that the security agencies have “capabilities against” HTTPS, voice-over-IP and Secure Sockets Layer (SSL) communications. The ambitions of the Edgehill program at GCHQ are said to be in expanding from the 2010 capability of decoding encrypted traffic from three major internet companies and 30 types of VPN to 15 major internet companies and 300 VPNs by the end of 2015.
Protecting the free world
The security agencies reason that “the ability to defeat encryption is vital to their core missions of counter-terrorism and foreign intelligence gathering,” says The Guardian. There are still some encryption methods which aren’t cracked by the NSA and GCHQ and earlier in the year Edward Snowden told the Guardian - “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” However the NSA can often find ways around this because of other weak links in the communication chain.
Bowing to requests of government security agencies The Guardian, New York Times and ProPublica removed some specific facts from their published articles today, which might have proved useful to “foreign targets”.