NSA and GCHQ have learnt how to 'unlock' encrypted messages
Intelligence agencies working with tech companies to 'weaken' security systems, say secret documents
INTELLIGENCE agencies in the US and the UK have learnt how to "unlock" the data encryption systems used by millions of internet users, it has been claimed.
In the latest revelations based on classified documents leaked by National Security Agency whistleblower Edward Snowden, The Guardian and the New York Times claim that the NSA and Britain's GCHQ are "winning their war on encryption".
Using supercomputers, hacking and the deliberate insertion of "weaknesses" into products by compliant or coerced manufacturers, the security of millions of messages has been breached. The Guardian says the ease with which the agencies are able to read encrypted data is alarming. It has "broadly compromised" the guarantees that internet companies give customers to reassure them that their communications, online banking and medical records cannot be read by criminals or governments.
The paper says the NSA and GCHQ defeat encryption in a variety of ways. The "brute force" method is using a supercomputer - a custom-built, super-fast processor - to identify and break encryption codes.
But the "most closely guarded secret of all" is the collaboration between intelligence agencies and technology companies. These "covert partnerships" have allowed agencies to insert secret vulnerabilities - known as ‘back doors' or ‘trapdoors' - into the commercial encryption software used by millions of people.
The documents supplied by Snowden do not specify which companies have engaged in this practice, says the New York Times. But the paper alleges that some tech companies were "coerced" by government agencies into handing over their master encryption keys or building in a back door.
A more subtle approach saw the NSA using its influence as "the world's most experienced code maker" to introduce weaknesses into the encryption standards followed by hardware and software developers worldwide. The New York Times says the NSA spends $250 million a year on a program which, among other things, works with tech companies to "covertly influence" their product designs.
"For the past decade, NSA has led an aggressive, multipronged effort to break widely used internet encryption technologies," says an NSA memo sent to GCHQ in 2010. "Cryptanalytic [the science of deciphering encrypted data] capabilities are now coming online. Vast amounts of encrypted internet data which have up till now been discarded are now exploitable."
The documents provided by Snowden also suggest that GCHQ has been working to develop ways to read "encrypted traffic" on Hotmail, Google, Yahoo and Facebook.
The Guardian and the New York Times say "intelligence officials" asked them not to publish their articles on encryption, because they "might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read". The papers removed "some facts" from their articles in response. But they decided to publish because of the "value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of internet users in the US and worldwide". ·