Why the Latest NSA Leak Is the Scariest of All

The National Security Agency programs revealed yesterday (Sept. 5) in three media reports were perhaps the most important revelations yet this summer, and have profound implications for everyone who uses the Internet.

The reports make clear that the NSA and its British counterpart Government Communications Headquarters (GCHQ), have been methodically undermining the vast encryption-based "web of trust" that makes possible secure online financial transactions, communications and other sensitive transmissions.

The spy agencies' activities have gone on for more than a decade. Like a silent but pervasive cancer, they have penetrated and weakened every corner of the Internet.

"Not only does the worst possible hypothetical ... appear to be true," wrote Johns Hopkins cryptographer Matthew Green on his blog last night, "but it's true on a scale I couldn't even imagine."

"The companies that build and manage our Internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: We can no longer trust them," wrote American encryption expert Bruce Schneier on the website of the British newspaper The Guardian.

MORE: 7 Ways to Lock Down Your Online Privacy

Subterfuge by any means necessary

The surveillance programs, named "Manassas," "Bullrun" and "Edgehill" after battles in the American and English civil wars, not only built powerful computers to crack encryption protocols.

They also coerced technology companies into handing over encryption keys, infiltrated NSA and GCHQ personnel onto corporate staffs, broke into the computer servers of uncooperative companies to steal information and ensured that some companies built "backdoors" into their technology so that the spy agencies would always have access.

Perhaps most egregiously of all, the NSA and GCHQ deliberately poisoned publicly distributed encryption standards, used by hundreds of millions of people across the world every day, so that the standards would be secretly — but fatally — flawed.

"The (actually substantial) goodwill that NSA built up in the public crypto community over the last two decades was wiped out today," tweeted University of Pennsylvania cryptography expert Matt Blaze.

The implications are that, if they wanted to, the spy agencies could access nearly every Internet-based purchase, money transfer, email, Internet phone call, instant message or file transfer made by anyone, anywhere.

Early hints of secret tampering

The programs were revealed by documents provided in June to The Guardian by former NSA contractor Edward Snowden, who has since taken refuge in Russia.

The Guardian, which has come under pressure from GCHQ to stop publishing Snowden material, shared the documents with The New York Times and the American nonprofit online outlet Pro Publica.

All three publications simultaneously posted stories on their websites yesterday afternoon.

The media outlets, wary of undermining national security in both countries, did not specify which encryption protocols have been compromised. (The spy agencies had asked that the stories not be published at all.)

But at least one has already been identified: Dual Elliptic Curve Deterministic Random Bit Generator, or Dual_EC_DRBG, a random-number generator developed by the NSA and endorsed by the U.S. federal government's National Institute of Standards and Technology (NIST) in 2007. (Random-number generators are essential to the operation of many encryption protocols.)

That same year, Schneier noted that Dual_EC_DRBG was subtly flawed in a way that permitted the holder of a secret key — an unknown numerical constant — to completely undermine encryption protocols based on it.

"Not only is [Dual_EC_DRBG] a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA," Schneier wrote in a November 2007 Wired article. "We have no way of knowing whether an NSA employee working on his own came up with the constants — and has the secret numbers."

Schneier, a source for some Tom's Guide articles, revealed yesterday that he has been helping The Guardian analyze the Snowden documents, and for that purpose had even bought a new computer that "has never been connected to the Internet."

"What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it's in. Period," Schneier wrote in an opinion piece published on the Guardian website yesterday.

MORE: 'Cryptopocalypse' Now: Looming Security Crisis Could Cripple Internet

How to protect yourself — maybe

On the Guardian site, Schneier offered advice to readers seeking to keep their data private: Use the anonymizing Internet service Tor, encrypt emails and other communications and use open-source encryption software instead of commercial encryption products.

"My guess is that most encryption products from large US companies have NSA-friendly backdoors," Schneier wrote, "and many foreign ones probably do as well."

Yet even Schneier's informed recommendations may be only hopeful guesses. Because the Snowden documents did not name all the encryption protocols, pieces of software and technology companies compromised by the NSA and GCHQ, few people know what's safe and what's not.

Tor only offers partial security, and the Times' story implied that the Secure Sockets Layer (SSL) open-source security standard, which underlies nearly all secure Web transactions, had been compromised.

Likewise, the Pretty Good Privacy (PGP) open-source encryption standard, which Schneier also recommended, is so old, so widely used and was once such an irritant to the U.S. government that it would be first on a list of things for the NSA to crack.

However, just because the NSA and GCHQ could be watching you, it doesn't mean they are.

"Assume that while your computer can be compromised, it would take work and risk on the part of the NSA — so it probably isn't," wrote Schneier.

If everyone sees it, no one can lie

It's likely some of the newer open-source technology, such as the Transport Layer Security (TLS) 1.2 Web-security standard (meant to replace SSL but not yet widely adopted), or the free RedPhone and Secure Text Android apps, are not compromised. Their code is openly available for expert review and revision.

It's also likely that closed-source technology developed by major U.S. or British corporations has been compromised. The paranoid rants dating back to the 1990s about NSA backdoors in Microsoft software or Intel chips suddenly make sense.

Even the story published last month by the German magazine Die Zeit, which suspected that Microsoft's Trusted Computing chips were secret NSA backdoors, and which we dismissed as exaggerated, no longer seems unreasonable.

"I'm no longer the crank," wrote Green on his blog yesterday, referring to his own speculation about NSA activities. "I wasn't even close to cranky enough."

MORE: Beat the FBI: How to Send Anonymous Email Without Getting Caught

Undermining your security to keep you secure

The NSA and GCHQ will argue that undermining every possible piece of encryption and security is necessary for the greater good of keeping the U.S. and Britain free from terrorism, and that their adversaries in Russia and China are trying to do the same thing. (Some intelligence experts think Snowden has been a Russian agent all along.)

"Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities," the Office of the Director of National Intelligence, James Clapper, said in a statement today (Sept. 6) and posted on Pro Publica's website. "Our intelligence community would not be doing its job if we did not try to counter that. … The fact that NSA's mission includes deciphering enciphered communications is not a secret, and is not news."

"The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity," the statement said. "Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions."

But the collateral damage from these programs may be worse than a terrorist attack. From now on, suspicion will be cast on all products from major U.S. technology companies — the key players in an industrial sector in which the U.S. is trying to maintain dominance.

Why should consumers, business or foreign governments trust software from Microsoft or McAfee, hardware from Intel or Cisco, or anything from Apple? Why buy American when cheaper Chinese products are no less secure?

A statement made a month ago by Ladar Levison, founder of the small secure email provider Lavabit, which shut down in response to government pressure, has even more resonance today.

"I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States," Levison said in a note explaining the Lavabit closure.

Follow us @tomsguide, on Facebook and on Google+.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

  • Benthon
    Holy crap....
  • koga73
    Not surprising... I'm sure they have found flaws in cryptographic algorithms such as PGP and AES. Besides that since they watch ALL traffic they are able to see the key exchange for protocols such as SSL and TLS. Once they have the key the traffic is easily decrypted. Finally for anything else encrypted where a company maintains cryptographic keys (such as in a db) the secret surveillance court orders the company to hand over the keys and issues a gag order. It's completely fucking crazy.

    We need new open source encryption standards and more secure internet protocols that change rapidly.
  • derekullo
    Don't be Evil
  • kinggraves
    If you thought you could send critical information across several computers for decades and no one was ever going to peek at it you're too naive to live. The very reason this country's constitution is built the way it is is because the founding fathers knew better than to trust the government. What do you do about it? If you're that concerned about security you need to never touch a public network, period. Every security measure can be counteracted with the proper approach. This is the compromise of life, security comes at the cost of convenience. The more locks you have on your front door, the more locks you have to unlock every time you leave. Most people take a minimum amount of security to deter all but the most determined criminals. The safest measure is to not do anything that would make that attention on your computer an issue. Still, I am by no means excusing the government far overstepping their bounds. Thankfully for their sakes the American populace is already too sedated and stupified to realize they should be shocked and outraged about this gross invasion of their privacy and rights.
  • bmwman91
    If having our wise, omnipresent government know everything that you do stresses you out, pop some Prozac. Brave New World meets 1984, baby!
  • amdfreak
    Power to Assange, Snowden and Manning who are the real heroes. All those hypocrite whores in the NSA, White House, ... should be in jail instead.

    Actually this is a great opportunity for other non US companies to offer services/products which would not allow any espionage. E.g. : http://www.nofbiciansa.com
  • g-thor
    The article states that the spy agencies "broke into the computer servers of uncooperative companies to steal information ..."

    If your work was that important, why didn't you go through the proper channels? Why not do it legally, do it right? Too slow for you? Too bad, but that's part of what our style of government is about.

    Expediency is not an excuse for the government to get away with something that would land an ordinary citizen in jail.
  • Jeff Krogue
    "Why buy American when cheaper Chinese products are no less secure?"

    Ah, I don't have a whole lot of trust in China either. It would be nice if Germany would step up and start providing the same type software and services that are now mainly US based.
  • COLGeek
    Sounds more like a sci-fi movie plot than reality.

    Regardless, does it come as any great surprise that the ability to decrypt any commercially available encryption protocol exists? Any thing that you can put together via an algorithm (math) can be taken apart with the same.

    This should come as no great eureka moment to any informed user.
    The road to serfdom and 1984 are both excellent books to read. This surprises me, but yet it doesn't. It really just makes me sad. On a positive note, time to move to africa and live like an aborigine! But Im too white for that, hmmmmm back to the drawing board....