Posted Sep 6, 2013 by Martin Armstrong
The Guardian was the first the break the news as always on the latest NSA scandal – this time it is defeating encryption services for people’s bank accounts to private sensitive corporate information. The Guardian has been joined by the New York Times and ProPublica. All three have now jointly reported that the NSA has been investing millions in its attempts to gain access to enciphered data sent over the Internet. The NSA has made a significant breakthrough in 2010 that enable it to monitor vast amounts of data that flow through the world’s fiber-optic cables by cracking encryption. Previously, it has been reported that with the X-KEYSCORE Internet surveillance system, the NSA and its British counterpart GCHQ have been able to gain access to data sent over virtual private networks. Such networks are commonly used by businesses and privacy-conscious Internet users to encrypt browsing traffic and conceal their IP addresses.
The NSA has also worked to deliberately insert vulnerabilities into some international security standards, in an apparent attempt to undermine encryption to make it easier to break. This is outrageous. As a programmer, once you create back-doors, others will find them as well. That is why NASA abandoned Windows 8. I warned that Windows 8 was doing more than phoning-home for updates. It was phoning home and reporting every piece of software you installed. I first reported this and many emails said I was wrong. Now it is becoming widely understood that is precisely what is going on. Creating that backdoor into you computer allows hackers to get in as well.
The NSA’s decryption capabilities are still being ascertained. The latest Snowden revelations paint a truly apocalyptic vision of a world. Here you pay companies for encryption to secure your data and you find out they are also working with the NSA and what you have paid for is worthless. Encryption has all been rendered useless because of NSA supercomputers and the companies cooperating with them as did Microsoft, Yahoo and Google to mention a few. In some cases, the NSA is still often forced to rely on vulnerabilities to hack into targets’ computers to circumvent encryption. They need to unscramble information. , the agency also has to find ways to obtain the private “keys” that in public-key cryptography are used to decrypt information that has already been encrypted.
The Guardian reported that the NSA has “capabilities” that can be used to crack Internet traffic encrypted using Secure Sockets Layer (SSL): How It Works is straight forward. When a Browser Encounters SSL, it attempts to connect to a website secured with SSL. The browser then requests that the web server identify itself. The server sends the browser a copy of its SSL Certificate. The browser checks whether it trusts the SSL Certificate. If so, it sends a message back to the server. At this point, the server then sends back a digitally signed acknowledgement to start an SSL encrypted session. The encrypted data is then shared between the browser and the server and it shows up in the browser as HTTPS (unlike unencrypted HTTP).
The NSA seems to have coerced the major companies into handing over their private SSL keys. What they did not get their hands on, the NSA most likely obtained the keys through hacking. The NSA has not fully worked out how to instantly decrypt SSL traffic. If they did, then the PRISM program would have been unnecessary. Smaller companies are likely to be less vulnerable that the big ones.
Clearly, the NSA is the most aggressive spying organization known to history. These people cannot sleep at night worrying about someone might have said something they didn’t listen to. OMG. It could have been derogatory toward them. They have beaten the Stasi of East Germany, the most paranoid sweeps of people by Stalin and they are far beyond Hitler. If Hitler had today’s technology, not a single Jew would have survived. This overarching in the name of security is so dangerous it is insane. Liberty, Freedom, and Democratic establishments cannot not exist under such policies. It would be far better to announce the terrorists won and get the hell out of the Middle East to preserve our American Liberty. The people should have had a right to approve this. Not closed-door hearings in Congress.
Snowden has stated back in June that “encryption works” if implemented properly. PGP—used to strongly encrypt email and other data—is still likely to cause the NSA, GCHQ, and other spy agencies serious difficulties. The same can be said about some peer-to-peer encrypted communications tools that have recently shit down because of NSA demands such as Silent Circle. What the NSA intimidate to get the keys to encryption, they then can still hack into systems. They can use a spy Trojan that will infiltrate a computer or even a smartphone, which will bypass the encryption.
Any communications about money are being sent to the IRS and you can bet on that one.