While it’s been over a year and a half since former National Security Agency (NSA) contractor Edward Snowden first leaked documents that exposed the U.S. government’s widespread surveillance programs, new information continues to emerge. The latest revelations from Snowden’s trove of secret documents come courtesy of Germany’s Spiegel Online news site, which recently highlighted some documents that focus on the NSA’s attempts to circumvent the various encryption programs used to protect electronic communications. Not only do the documents provide a fascinating glimpse into the NSA’s secret war on encryption, they also reveal which encryption tools are still effective and which ones have already been compromised.
Since previous documents leaked by Snowden revealed that the U.S. and other countries in the so-called Five Eyes intelligence alliance were engaged in the indiscriminate monitoring of all electronic communications, it comes as little surprise that the documents obtained by Spiegel Online showed that the NSA regards any form of secure communication as a hindrance to its mission. “Did you know that ubiquitous encryption on the Internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware?” noted one NSA training document.
While the documents showed that the NSA and other spy agencies have successfully cracked many commonly used encryption tools, they also revealed that there are still many that have remained secure. On the other hand, it should be noted that the documents obtained by Spiegel Online are approximately two years old, so it’s unknown if the NSA has made further progress on cracking some of the programs that were still considered secure back then.
According to Spiegel Online, the NSA used a five-tier classification system for encryption programs. Programs that were considered relatively easy to crack were labeled as “trivial,” while the most difficult or impenetrable programs were labeled as “catastrophic.” Following a document’s trail through the Internet fell under the agency’s “trivial” classification, while monitoring Facebook chats was deemed a “minor” undertaking. Cracking emails handled by Russia’s mail.ru Internet services company was labeled a “moderate” task. While encryption programs classified under the system’s first three tiers appeared to be easily exploited by the NSA, programs found in the fourth (major) and fifth (catastrophic) tiers were cracked with great difficulty or not at all.
Tor (also known as The Onion Router) software was classified as a “major” problem for the NSA. As noted by Spiegel Online, the encryption software used by Tor distributes a user’s information across multiple computers, making it extremely difficult for the NSA to determine where a user is located. Encrypted email service provider Zoho, file encryption program TrueCrypt, and an instant messaging encryption protocol called Off-the-Record (OTR) also garnered the “major” label from the agency. One NSA message highlighted by Spiegel Online read, “No decrypt available for this OTR message,” which suggested that the agency completely failed to crack this protocol on at least one occasion.
Finally, the NSA documents revealed that combinations of encryption programs appeared to be the most resistant to cracking and were considered “catastrophic” by the agency. According to one example cited by Spiegel Online, “a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP” rendered a subject’s location and communications almost completely invisible to the NSA.
Ironically, many of the encryption programs that the NSA is interested in cracking are also used by the agency and its intelligence service allies precisely because they are known to be secure. In fact, as noted by Spiegel Online, Tor was originally developed with the support of the U.S. Naval Research Laboratory. Phil Zimmermann, creator of the “catastrophic” ZRTP protocol, also created the Pretty Good Privacy (PGP) encryption program that is still considered highly secure despite being over 20 years old, reports Spiegel Online. According to one NSA document, PGP is still occasionally used by intelligence services.
Other widely used Internet security measures have been so effectively subverted by the NSA that they apparently didn’t even register on the agency’s classification scale. Skype’s encrypted communications have long been open to NSA surveillance. “Sustained Skype collection began in Feb 2011,” reads one NSA training document. Virtual private networks (VPNs) that are supposed to create secure point-to-point connections over the Internet can also be easily exploited by the NSA, reports Spiegel Online. Similarly, Hypertext Transfer Protocol Secure (HTTPS), which is widely used to protect sensitive data on financial and email websites, can also be easily decrypted by the NSA and other spy agencies.
Besides working on cracking existing programs, the NSA is also attempting to weaken future encryption standards. “NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable,” reads one top secret document via Spiegel. Unfortunately, this approach makes the Internet less secure for everyone, since any backdoor built into a security system that can be exploited by a government can also be exploited by a criminal. Fortunately, the latest batch of leaked NSA documents revealed that there are still some effective encryption tools available for individuals or organizations interested in protecting the privacy and security of their data.
Follow Nathanael on Twitter @ArnoldEtan_WSCS