What NSA encryption is too tough

Hack Tor, PGP and OTR special services can not afford

Only due to the leaks of Edward Snowden and similar events do we have a unique opportunity to look at the “inner kitchen” of the American special services. They themselves can not give out any specific figures by definition.

Spiegel has published an article about how the US National Security Agency has broken down cryptographic algorithms. This is another leak of Snowden materials.

The most useful of this information is that at the time of creating the documents (2012), some chat rooms and programs for sending e-mail were still difficult for the NSA.

In general, the NSA regards any form of encryption as a threat to its interests in curbing the enemy’s cyber threats and traffic tracking.
')
In documents of cryptographic stability, five grades of assessment are assigned from “simplest” to “catastrophic”. For example, the decoding of letters of the Russian email provider Mail.ru has been assigned the status of medium complexity. Tracking a file on the web is the “simplest” complexity, reading messages from the Facebook chat is slightly higher, “insignificant”.

The documents mention that the organization is experiencing "significant problems" with the Tor network and with the decoding of service messages like Zoho. Tor is a well-known program for providing anonymous network based on onion routing. It should be remembered that the “pierce” is still possible, an example of this are the arrests of the owners of Silk Road, Silk Road 2.0 and a number of other illegal .onion-sites selling drugs.

Causes TrueCrypt problems. This product is designed to encrypt the contents of the hard disk of the computer. May 28, under mysterious circumstances, the project was closed .

The NSA cannot read messages transmitted via the OTR protocol. At the same time, the source codes of both TrueCrypt and OTR are open for analysis. On the other hand, openness excludes the possibility of including backdoors in them.

PGP encryption is already 20 years old, but there is no solution for it either .

A “catastrophic” level is achieved with a combination of similar products — for example, when using Tor, another anonymization service, CSpace chat, and ZRTP calls. This level means almost complete loss of information about the communications of the target.

But still, the NSA earn their wages for a reason. The security services have the ability to crack many of the methods of implementing a VPN. The point that it was planned to monitor 100 thousand VPN connections per hour by the end of 2011 was of great concern, of which 20% were going to be decrypted. For 2009, there was only enough power per thousand per hour.

PPTP is not difficult, Ipsec causes a bit more problems. However, it is not necessary to break encryption keys, you can steal them from the network nodes under control.

By the end of 2012, it was planned to reach a capacity of 10 million cracked HTTPS connections per day. This helps in the collection of data on SSL handshakes.

From one document with the highest level of secrecy, it follows that at the time of 2012, the NSA was trying to find a way to hack AES .

The NSA has a program that, it is claimed, can in some cases break SSH . This protocol is used to remotely control the operating system of computers, most often these are servers and important nodes of networks.

Skype, which is used by 300 million users worldwide, can be easily listened to . Continuous collection of information began in February 2011, even before the purchase of the service by Microsoft.

By combining this information, the US National Security Agency gains access to a variety of computer systems. It is claimed that the penetration into the networks of Royal Jordanian Airlines, Transaero Airlines and the Moscow Telematics World of Telematics was carried out. The reports mention spying on diplomats and officials from Afghanistan, Pakistan and Turkey.

If you cannot gather the necessary information, then an attack in the forehead is underway: computers and routers are hacked to retrieve data, and spyware is put in the way of the traffic.

It should be noted that the NSA not only deals with decoding, but also has long sent its agents to the conference of the Engineering Council of the Internet to collect information and influence decisions. The goal is to simplify data protection algorithms.

For information security experts, the information obtained is not a big revelation - vulnerabilities in the protocols are known. But Tor and PGP users will be pleased to know about the complexity these products presented to the NSA in 2012 and may still be present.