Wednesday, September 11, 2013

LATEST SNOWDEN LEAK REVEALS NSA'S ABILITY TO TAP YOUR MOBILE PHONE AND CRACK ENCRYPTION, INCLUDING THE TOR ANONYMITY NETWORK

                                                       

Snowden: NSA can also crack almost any encryption, including the Tor anonymity network


The spy agencies' activities have gone on for more than a decade. We now have enough details about how the NSA eavesdrops on the internet, and yesterday more explosive news emerged from the Snowden files: the NSA has the ability to decrypt most of what is on the internet.
 
They have done this not through cracking encryption mathematically, but by secretly using influence and billions of dollars to insert backdoors designed to preserve their ability to eavesdrop.
Also, the majority of devices connected to the Tor anonymity network may be using encryption keys that can be broken by the National Security Agency, according to Rob Graham, CEO of penetration testing firm Errata Security.
The ability to crack high-level encryption has been a pretty significant legend in the infosec community. Graham arrived at his conclusion after analyzing nearly 23,000 Tor connections through an exit node that he controls: about 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key.

Graham said that Tor still uses 1024-bit RSA/DH keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor use keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.
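How a key size such as the 1024-bit figure above can be read off the wire, as an added example that is not from the original post or from Graham's survey: in a TLS handshake using ephemeral Diffie-Hellman, the server sends the prime `p` in its ServerKeyExchange message, so its bit length can be measured directly. The sample messages, the `WEAK_BITS` threshold and all function names are constructed for illustration.

```python
import struct

SERVER_KEY_EXCHANGE = 12   # TLS handshake message type (RFC 5246)
WEAK_BITS = 1024           # assumption: the modulus size the article is concerned about

def _read_vec16(buf, off):
    """Read one opaque<1..2^16-1> vector: 2-byte length, then the bytes."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if n == 0 or end > len(buf):
        raise ValueError("bad vector length")
    return buf[off + 2:end], end

def dh_modulus_bits(msg):
    """Return the bit length of dh_p in a DHE ServerKeyExchange message."""
    if len(msg) < 4 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    # ServerDHParams is dh_p, dh_g, dh_Ys; a signature may follow and is ignored.
    p, off = _read_vec16(body, 0)
    _g, off = _read_vec16(body, off)
    _ys, off = _read_vec16(body, off)
    return int.from_bytes(p, "big").bit_length()

def weak_share(messages):
    """Fraction of messages whose DH modulus is WEAK_BITS or smaller."""
    sizes = [dh_modulus_bits(m) for m in messages]
    return sum(b <= WEAK_BITS for b in sizes) / len(sizes)

def _sample(p_len):
    """Constructed message: placeholder p of p_len bytes (not a real prime), g = 2."""
    p = b"\xff" + b"\xa5" * (p_len - 2) + b"\x53"
    body = b""
    for field in (p, b"\x02", b"\x01" * p_len):
        body += struct.pack(">H", len(field)) + field
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

# Constructed sample set: three 1024-bit groups and one 2048-bit group.
SAMPLES = [_sample(128), _sample(128), _sample(128), _sample(256)]

if __name__ == "__main__":
    print([dh_modulus_bits(m) for m in SAMPLES], weak_share(SAMPLES))
```

Running the same measurement against handshakes captured from your own servers shows which of them still offer a group at or below the size discussed here.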

The latest release of Tor, version 2.4, switches from the standard Diffie-Hellman key exchange to ECDHE, which uses Elliptic-Curve Diffie-Hellman keys and may greatly increase the privacy of the Tor network.

Of course there's no guarantee that the NSA hasn't already found an easy way to crack ECDHE, but considering it's not currently as common as other encryption techniques, for now there's a greater chance that it's more secure.

Unfortunately for the thousands of people who rely on Tor, many of the devices they use to connect to its servers could still be infiltrated by the NSA. To make matters worse, the news came just a day after the report that 90 percent of Internet users have taken steps to avoid surveillance in some way.

Bruce Schneier, a security blogger, stated that government and industry have betrayed the internet, and us. "By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract."
His advice: hide yourself in the network. Encrypt your communications. Assume that while your computer can be compromised, it would take work and risk on the part of the NSA, so it probably isn't. Be suspicious of commercial encryption software, especially from large vendors. Try to use public-domain encryption that has to be compatible with other implementations.

It has been made public that the Department of Defense provided Tor with $876,099 in 2012, a sum large enough to make up 40 percent of the project’s $2 million budget. Tor’s executive director Andrew Lewman has said that the intelligence agency has not requested a backdoor into the system.

Latest Snowden Leak Reveals NSA's Ability To Tap Your Mobile Phone

The latest article coming out of Ed Snowden's documents is reported in the German publication Spiegel and details how the NSA is able to access data from basically every popular mobile phone/operating system:
The United States' National Security Agency intelligence-gathering operation is capable of accessing user data from smart phones from all leading manufacturers. Top secret NSA documents that SPIEGEL has seen explicitly note that the NSA can tap into such information on Apple iPhones, BlackBerry devices and Google's Android mobile operating system.

The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been.

The documents also indicate that the NSA has set up specific working groups to deal with each operating system, with the goal of gaining secret access to the data held on the phones.
The "location" tidbit is particularly interesting, in part because that's one point that Senator Ron Wyden has asked the NSA to discuss repeatedly: whether or not it's tracking people's location info based on their mobile phones, and the NSA has denied that they do (or, rather, indicated that they're not doing that currently). 

As for the Blackberry, that's often been pitched because it was supposedly much more secure than other phones -- but the NSA figured out how to get around that. And here's an interesting tidbit: for a little while, they lost access because RIM changed how it encrypted its data:
The documents suggest the intelligence specialists have also had similar success in hacking into BlackBerrys. A 2009 NSA document states that it can "see and read SMS traffic." It also notes there was a period in 2009 when the NSA was temporarily unable to access BlackBerry devices. After the Canadian company acquired another firm, it changed the way it compresses its data. But in March 2010, the department responsible declared it had regained access to BlackBerry data and celebrated with the word, "champagne!"

The documents also state that the NSA has succeeded in accessing the BlackBerry mail system, which is known to be very secure. This could mark a huge setback for the company, which has always claimed that its mail system is uncrackable.
The 2010 cracking of Blackberry data is interesting, because we've noted previously that the NSA had claimed a "major" breakthrough in breaking encryption in 2010. This was first reported by James Bamford a few years ago, and discussed in more detail just last week with the revelation about their encryption hacking efforts. These may have been different breakthroughs, but interesting to see the timing. 

Either way, it's yet more confirmation of the capabilities of the NSA to tap into almost anything if it really wants to.
