Intelligence Black Budget Reveals Major Focus By NSA On Cracking Encryption

from the how-safe-is-your-encryption dept

Lots of people are digging through the latest Ed Snowden leaks concerning the black budget for intelligence activities in the US, trying to pick out various nuggets. Over at Wired, Kevin Poulsen has found one of the most interesting tidbits, highlighting how James Clapper cheers on the "groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic." In short, the NSA has gotten pretty good at breaking encrypted communications. Encryption is a strong protector, but can be broken -- and that's always been a part of the NSA's mission: code-breaking. But there have long been questions about how well the NSA can break today's popular encryption standards. What today's leaks show is that they're apparently pretty successful and are spending more and more money on it:
The pie chart above? That's $11 billion and it employs 35,000 people. Breaking your encryption. As Poulsen notes, James Bamford (who has followed the NSA closely for years) revealed last year that the NSA had recently made an "enormous breakthrough" in cryptanalysis, and this should raise some questions about just how secure various forms of encryption really are today.


Reader Comments

  1.  
    Anonymous Coward, Aug 29th, 2013 @ 4:34pm

    CryptoWars Episode II

     

  2.  
    Namel3ss (profile), Aug 29th, 2013 @ 4:35pm

    Wow, the farther we fall down the rabbit hole...

    The more I realize what a service Snowden did for the American public. Hats off to you Ed, wherever you are.

    The genie is so far out of the bottle, the govt should just give up and come clean already. They're never getting this genie back in there.

     

  3. This comment has been flagged by the community.
    Anonymous Coward, Aug 29th, 2013 @ 4:46pm

    Georgia Institute of Technology rocked the higher education world when it announced plans to offer a fully online master's degree in computer science for roughly one-seventh the price of its on-campus equivalent - less than $7,000.

    Read more: http://blog.credit.com/2013/08/the-7000-masters-degree-scaring-colleges/#ixzz2dPABS1Fn

     

  4.  
    blaktron (profile), Aug 29th, 2013 @ 5:29pm

    Are my paranoid tweets starting to sound a lot less paranoid Mike?

     

  5.  
    Rikuo (profile), Aug 29th, 2013 @ 5:31pm

    Where's the part about some of that black budget going towards developing a nuclear-armed bipedal robot out in the Fox Archipelago off the coast of Alaska?

     

  6.  
    Daniel Joseph Calvanese, Aug 29th, 2013 @ 5:46pm

    [SPOILERS]

    I wouldn't be surprised if the next leak says that some secret agency self-funds through drug trafficking. We already knew that, but for some reason... it's news!

    The NSA is spying on everyone, saving everything ever sent, and trying to break cryptography everywhere it is. This is news? No, this is history. We've been bullying countries for decades, getting into wars on false premises, obliterating our own middle class, hunting down a benign plant (which happens to be winning), blah blah prison industrial complex, and on and on and on. I mean, seriously, if someone blows up your neighbor for profit and then says 'trust us we will be good,' then explodes the next town over, and then the next country, do you really think they will show some restraint when you come under the microscope? Are these revelations really the kinds of things we should be surprised about?

    What I'm trying to say is this: I don't believe for a second that Edward Snowden is genuine. Look up the term 'limited hangout,' and then ask yourself what Snowden has revealed that we didn't already know. The only difference between pre-snowden and post-snowden worlds is that the establishment isn't even bothering with chicanery anymore. They are just out in the open with several contradictions at once, and the masses don't care.

     

  7.  
    Uriel-238 (profile), Aug 29th, 2013 @ 5:57pm

    We're going to need a bigger codec.

    So, does this mean my notion of encouraging everyone to encrypt everything isn't going to force them to triage?

    Well, I'm embarrassed.

     

  8.  
    arcan, Aug 29th, 2013 @ 6:21pm

    This is why my computer is encrypted with the most secure protocol I could find and has a password that is well over 50 characters in length. It simply isn't worth the time and effort to break.

     

  9.  
    Anonymous Coward, Aug 29th, 2013 @ 6:32pm

    Re:

    Seriously, I haven't kept anything on a computer that isn't already available to the gov't (tax returns, my accounting and a butt load of LOL-Cats).

     

  10.  
    Anonymous Coward, Aug 29th, 2013 @ 6:45pm

    I bet the NSA is working on cracking HTTPS. It's a surprisingly vulnerable protocol, actually; most sites that use HTTPS don't support the latest encryption protocol, TLS 1.2, which removed several vulnerabilities, and even TLS 1.2 could be vulnerable due to RC4's weaknesses.

     

  11.  
    mattarse (profile), Aug 29th, 2013 @ 6:50pm

    Re: Re:

    Add gifs of lolcats to your tax returns just to confuse them when they do read it.

     

  12.  
    Uriel-238 (profile), Aug 29th, 2013 @ 7:05pm

    Intel

    We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic. -- Clapper

    NSA is getting a Vesuvius or D-Wave Two quantum computing system built into the Utah facility according to this. Quantum computers can rapidly break down public key cryptography since they can quickly factor down large numbers to their respective primes.

    I think this means they don't have this capability yet. I wouldn't depend on that as a certainty, though.

    So the future is here. And we still need to work out cryptography that, while not necessarily impenetrable, is still a bother enough to make it impossible for the NSA (or for anyone) to engage in deep-packet-analysis of every incident they encounter. Even poor encryption that they have to triage is going to serve to slow their intelligence-gathering efforts.

    == == ==

    Encrypted with Morbius-Cochrane Perfect Steganographic Codec 1.2.001
    accident fungus golf elastic laser fire apple pie chime

     

  13.  
    New Mexico Mark, Aug 29th, 2013 @ 7:12pm

    Wait a minute

    Isn't that top secret slide just budgetary metadata?

     

  14.  
    Anonymous Anonymous Coward, Aug 29th, 2013 @ 7:28pm

    Re: Wait a minute

    And look what it reveals!

     

  15.  
    Anonymous Coward, Aug 29th, 2013 @ 7:38pm

    Re: Intel

    What will the US military do once its enemies have learned to break existing cryptographic algorithms? Do we enter a new cryptography arms race, or does the US government give up and transmit everything in the clear?

     

  16.  
    Anonymous Coward, Aug 29th, 2013 @ 7:51pm

    In bed with the enemy

    "The Post said it withheld the rest, and kept some information out of its reporting, in consultation with the Obama administration to protect U.S. intelligence sources and methods."

    Why is the Washington Post seeking help from the Obama administration on what not to publish? Don't publish anything that would put people's lives in jeopardy, but don't go asking the person whose dirty laundry you're exposing about which bits of laundry to expose.

    I think this explains why the Washington Post hasn't been harassed as much as the folks at The Guardian.

     

  17.  
    Anonymous Anonymous Coward, Aug 29th, 2013 @ 8:17pm

    Re: In bed with the enemy

    Just what constitutes sources and methods? Doesn't the fact that the NSA (and others) collect ALL electronic (voice and text and video) pretty much cover everything, except the humint (human generated intelligence)? Keep those folks secret if you must. The rest is currently public knowledge.

    Oh, oh, I know. If we (the government) don't admit it, it does not exist.

     

  18.  
    Anonymous Coward, Aug 29th, 2013 @ 8:30pm

    Re: [SPOILERS]

    I have maintained this viewpoint from the beginning of this ruse.

     

  19.  
    Anonymous Coward, Aug 29th, 2013 @ 9:43pm

    Wrong kind of quantum computer for that

    D-Wave's computers are not classical quantum computers. They are designed to solve certain kinds of NP-complete optimization problems quickly, but no one knows how this could be used to break currently-used public-key encryption schemes.

     

  20.  
    Uriel-238 (profile), Aug 29th, 2013 @ 10:17pm

    That would be delightfully stupid of the NSA, then...

    ...if the Vesuvius is not what they think it is. Maybe they can donate it to NASA.

    But I would wager that breaking public-key encryption is for what they want a quantum computer, rather than a superfast number cruncher.

     

  21.  
    aldestrawk (profile), Aug 29th, 2013 @ 10:30pm

    Re: Intel

    Elsewhere in the document it is mentioned that research into quantum computing is a priority.

     

  22.  
    aldestrawk (profile), Aug 29th, 2013 @ 11:28pm

    Re: Intel

    I just took a look at your mind-computer website link. I am rather skeptical about the information there. First off, they claim the D-wave two is going to the Utah Data Center. This is based on the Lockheed contract for one. There is one going to NASA Ames research center in Mountain View, CA in collaboration with Google (ootb where are you?). The NSA has said, in the document referenced by this article, that research into quantum computing is a priority. So, it is likely they are dealing with D-Wave. But the web site looks like it is inventing a connection between Lockheed's purchase and the NSA's Bluffdale facility without any evidence. This kind of sloppy, speculative writing continues.

    They mistake the order of complexity of the traveling salesman problem as O(2^n), when it is O(n!) or, at best, O(n^2 2^n) using the Held-Karp algorithm.

    The claims of the capability of the D-Wave 2 system are ridiculous and not at all what D-Wave claims. I personally find the claim:

    Enables the computer to completely reconstruct the human brain's cognitive processes and teach itself how to make better decisions and better predict the future based.

    to be especially absurd (I have a degree in psychobiology and am very much interested in brain function and artificial intelligence).

    I am sorry to be so dismissive without fully reading the whole website, but it doesn't look like a useful resource.

    Given that, it does seem that the NSA is very much interested in quantum computing but this was probably not related to the "enormous breakthrough" in cryptanalysis that Bamford mentioned.

     

  23.  
    Uriel-238 (profile), Aug 29th, 2013 @ 11:45pm

    Oh yes, please, tell me I'm wrong.

    Thanks, aldestrawk. While a tech-geek, my eyes still glaze over whenever they start talking about qubits.

    I'd really rather cryptanalysis of contemporary cyphers not exceed the rate at which we adopt and standardize new ones, and they seem very eager to decrypt everything with no concern as to who they target.

    This isn't going to go away, even if we completely defund the NSA: we end-users need strong encryption, and we need everyone to be in the habit of using it.

    It brings back the question of what is the enormous breakthrough.

     

  24.  
    Richard (profile), Aug 30th, 2013 @ 1:47am

    Re: Oh yes, please, tell me I'm wrong.

    It brings back the question of what is the enormous breakthrough.

    Probably not that significant - but you need to demonstrate some success in order to maintain funding.

     

  25.  
    Anonymous Howard (profile), Aug 30th, 2013 @ 2:34am

    Re: Intel

    They're building the fuckin' Skynet

     

  26.  
    Richard (profile), Aug 30th, 2013 @ 2:59am

    Re: Re: Intel

    The claims of the capability of the D-Wave 2 system are ridiculous

    Quantum computing has been ridiculously overhyped. This is especially worrying for those of us who find it interesting because of the inevitable backlash that will follow.

    One point of relevance here is that the D-Wave computer is NOT capable of running Shor's algorithm and hence is not capable of cracking RSA encryption.

     

  27.  
    Richard (profile), Aug 30th, 2013 @ 3:50am

    Re: Re: Intel

    What will the US military do once its enemies have learned to break existing cryptographic algorithms?

    They will use Quantum Cryptography. Quantum cryptography, done properly, is theoretically unbreakable.

     

  28.  
    RyanNerd (profile), Aug 30th, 2013 @ 5:35am

    Old School

    Being the old man that I am, I remember when encryption was considered munitions. No, really, it was.
    When it was no longer considered munitions is when (in my opinion) the NSA had cracked the RSA encryption standard.

     

  29.  
    blaktron (profile), Aug 30th, 2013 @ 8:26am

    Re:

    If they can unravel long keychains, the protocol specifics won't matter. That's the real threat: if they can break 256 bit encryption on a 2048 bit key in any useful amount of time then the specifics of HOW something is encrypted become less important.

     

  30.  
    blaktron (profile), Aug 30th, 2013 @ 10:49am

    Re: Re: Re: Intel

    Although the entire principle of it has been shattered because there is no real way to secure the common time source required by the endpoints (unless we all start putting gravity-calibrated atomic clocks in all our PCs).

     

  31.  
    Andrew D. Todd, Aug 30th, 2013 @ 11:51am

    Slowly Delivered Key, Rapidly Delivered Message. (to: Richard, #27)

    Here is an observation: if you know someone well enough to have secrets with them, you can generally arrange to transmit symmetric (private) cipher keys by other means than electronic communications.

    For example, Laura Poitras, in Germany, can find, say, twenty different people who travel back and forth between Germany and Brazil, by various routes, and who are willing to hand-carry a letter to Glenn Greenwald. Ideally, many of these couriers should be persons of such repute and standing that interfering with them has major ramifications (e.g. people with diplomatic status). Others should be totally obscure people, recruited by circuitous methods, typically students (e.g. a young man whose girlfriend's brother is one of Laura Poitras's disciples, and who is doing it for his girlfriend, not for any political conviction). Each letter contains one or more unique symmetric (private) cipher keys, of abundant strength. On receipt of these twenty letters, or such of them as have not been intercepted and seized or destroyed, Glenn Greenwald can XOR the keys together to form a key which is at least as secure as the key which was most securely transmitted. He can disclose publicly which keys he is using, to be sure that the message gets back to Laura Poitras. The requisite key strength can be obtained by multiple passes of multiple different ciphers, with a different key for each pass. It ought to be possible to get 500 bits effective strength without too much difficulty. Alternately a "letter" could always include a DVD or a memory stick, in which case a once-only-cipher might be feasible. It's all a question of how paranoid you feel.

    http://security.stackexchange.com/questions/2900/doubling-up-or-cycling-encryption-algorithms
    http://en.wikipedia.org/wiki/Triple_DES
    http://en.wikipedia.org/wiki/Meet-in-the-middle_attack

     

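The key-combining step described in comment 31, sketched as an added example (not code from the commenter or from Techdirt): every letter carries one random key, the recipient XORs the keys that arrived and publishes which letter IDs were used, and the sender rebuilds the same key from that list. The letter IDs, the 32-byte key size and the seized/copied letter numbers are assumptions constructed for illustration.

```python
import secrets
from functools import reduce

KEY_LEN = 32  # bytes per couriered key (assumed size, not from the comment)


def make_letters(count, key_len=KEY_LEN):
    """Sender: one independent random key per letter, indexed by letter ID."""
    return {i: secrets.token_bytes(key_len) for i in range(count)}


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("keys must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def combine(keys_by_id, used_ids):
    """XOR the keys of the named letters into one working key."""
    used = sorted(set(used_ids))
    if not used:
        raise ValueError("no letters to combine")
    return reduce(xor_bytes, (keys_by_id[i] for i in used))


def attacker_key(copied, used_ids):
    """Key an eavesdropper can compute: only if every used letter was copied."""
    if any(i not in copied for i in used_ids):
        return None  # the one unseen key acts as a uniform mask over the rest
    return combine(copied, used_ids)


def demo():
    sent = make_letters(20)                  # sender keeps a copy of all 20 keys
    seized = {3, 11}                         # constructed: letters never delivered
    received = {i: k for i, k in sent.items() if i not in seized}
    announced = sorted(received)             # recipient publishes the IDs he used
    recipient_key = combine(received, announced)
    sender_key = combine(sent, announced)    # sender rebuilds from the IDs alone
    # Constructed worst case: every delivered letter except #7 was secretly copied.
    copied = {i: k for i, k in received.items() if i != 7}
    return {
        "keys_match": recipient_key == sender_key,
        "attacker_missing_one": attacker_key(copied, announced),
        "attacker_has_all": attacker_key(received, announced) == recipient_key,
        "key_len": len(recipient_key),
    }


if __name__ == "__main__":
    print(demo())
```

The published ID list reveals nothing about the key itself; the combined key is exposed only when every one of the listed letters was read in transit, which the recipient cannot detect from the letters alone.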

  32.  
    Anonymous Coward, Aug 30th, 2013 @ 12:32pm

    Re:

    Especially not your data, I'd presume.

     

  33.  
    Anonymous, Aug 30th, 2013 @ 1:32pm

    Re:

    Are you sure they haven't already cracked it?

     
