Skip to main content

'FLYING PIG' Soars Over Internet Privacy Protections

If you've ever consoled yourself by saying that the government will compromise secure email and browser servers "when pigs fly," take a deep a deep breath: that day has arrived. The British government has devised a method dubbed "FLYING PIG" to access encrypted Internet communications.

The National Security Agency (NSA) in the United States and the Government Communications Headquarters (GCHQ) in the United Kingdom have collaborated to gain unfettered access to citizens' private data. One of the only things standing in their way is data encryption.

A very common type of encryption, SSL (Secure Socket Layer), ensures secure communication between a user and the website that needs his or her information. If you send an email, the server needs to route the document; if you buy something online, the vendor needs your credit card information. SSL encryption renders this information unreadable in transit.

From a user standpoint, if you access an HTTPS version of a website, the site is using SSL (or TLS, a very close SSL relative) protocols to keep your data secure.

MORE: NSA Poisoned Internet Security from the Beginning

FLYING PIG can bypass SSL through what is known as a man-in-the-middle attack. By interposing itself between the user and the user's intended destination during such an attack, GCHQ can redirect the user to a spoof site, usually almost indistinguishable from the genuine article.

For example, a man-in-the-middle attack on an online store can steal a user's credit card information by making it appear that the order has gone through as planned.

FLYING PIG, in particular, takes advantage of SSL's modus operandi, which requires a "handshake." SSL makes both the end user and the server provide security certificates before transmitting data. GCHQ can provide fake security certificates, rendering both a user and his or her system unaware that a third party has acquired the information.

Yahoo, Google and Hotmail all employ SSL encryption in their email servers. Even the purportedly secure Tor protocol uses SSL certificates to guarantee its users' safety and privacy. According to leaked GCHQ documents, the U.K. organization has compromised those three email providers as well as the specialized Tor browser.

Man-in-the-middle attacks — especially sophisticated ones like those GCHQ employs — are generally difficult to avoid, as the average user (and even the average browser) cannot detect subtle redirection.

Users have only limited recourse against such attacks, but changing a router's default password to something stronger is a start. Use an administrator on your PC or Mac account to install and uninstall programs, and a more limited-access user account for everyday computing. Install an Internet security suite on your computer, and ensure that a firewall is active at all times.

Note that these steps will not stop GCHQ or the NSA from acquiring your data, especially if they have you, specifically, in their crosshairs. But these moves may make the average user more trouble than he or she is worth for the government to target.

Follow Marshall Honorof @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.