A List Of Online Encryption Tools That The NSA Has Already Foiled

encryption

Why even bother trying? The New York Times reveals:

The NSA is winning its long-running secret war on encryption. Below are encryption tools the agency has had some success in cracking, according to documents provided by Edward Snowden.

Virtual Private Networks – Commonly used by businesses to allow employees to access work networks from outside the office, via an encrypted “tunnel” through a public network.

Encrypted chat – Available with chat programs like Adium or with software added to programs like AOL Instant Messenger, providing “end to end” encryption, in which the data cannot be decrypted at any point along the transfer (even by the messaging service).

Encrypted Voice over Internet Protocol – Services like Microsoft’s Skype and Apple’s FaceTime allow users to make free, encrypted phone and video calls over the Internet. The documents suggest that the N.S.A. is working with some VoIP services to obtain pre-encryption access to such messages.

SSH Secure Shell – For Linux and Mac operating system users, this is the standard way to gain access to a remote computer.

HTTPS (Hypertext Transfer Protocol Secure) – This has long been a standard way to encrypt password and financial information when sending information from a computer to a server, and it is becoming more common with social media sites like Facebook and Twitter and Webmail services like Gmail. A URL that begins with “https://” and displays a small padlock icon designates a secured web page.

TLS/SSL (Transport Layer Security/Secure Sockets Layer) – The most common way to secure information sent over the Internet (including Web browsing and e-mail) and internal servers. HTTPS is secured by applying TLS/SSL to a Web site.

, , , , ,

  • Mark Welch

    The problem is not in the protocols in many cases, but in their implementation and stewardship. See also http://arstechnica.com/security/2013/09/spooks-break-most-internet-crypto-but-how/

    • sonicbphuct

      the problem is the raw number of vectors that have no technical solution since the problem isn’t technical: backdoors, sneek & peeks, zero day exploits drawn out to 500 days, supply chain, etc. Jacob Applebaum wrote an interesting piece on discrete builds as a means to ensure a clean build process. Compromised disk firmware, compromised bios, network adapter … unless we can build and write all this stuff ourselves, we’re reliant on the giants to maintain a certain level of security for us. If they don’t – that is, if they cooperate with the gov or the russian maffia – we’re wasting our time encrypting things, because the “enemy” has it before it has been encrypted.

  • Simon Valentine

    LoL

  • BuzzCoastin

    all that effort & money
    and still according to official reports
    a group of goofy Arabs with box cutters
    owned & pawned the largest military spy organizations in the whirled
    simpletons with no real experience
    humiliated Homeland spy organizations & “defense” systems
    and if that wasn’t enough
    a low level systems administrator
    walked off with all their secrets

    the NSA couldn’t find an elephant hiding in a haystack
    but they sure can burn cash & hire contractors
    hmmmm

    • I_abide

      It’s all about the illusion of doing something so they can continue getting paid.

  • symbiont

    This is why once in a while I’ll type “dear NSA, if your watching: fuck you ya perves” in the address bar… just in case, you know.

  • Badd Karma

    use PGP

  • frafri

    why are we letting them spy on us???

  • DeepCough

    Preach the gospel, Shane Botwin.

    http://www.youtube.com/watch?v=MVHjlCIHnFE

  • Charlie Primero

    I theorize on the purpose of these deceptive headlines. Joe Schmuk in Sales and Cindy Downer in Accounting will never read these articles closely enough to discern that the headlines are false. Their takeaway will be “there is no point in even attempting personal privacy”.

    Schneier gives a much better commentary than any MSM:
    https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html

  • Lookinfor Buford

    This article is long on claim and short on citation. I smell a motive.

    • I_abide

      I can’t say for sure about the rest of these but SSL can be dealt with relatively easily depending on the situation. A man in the middle attack can get around it.

      Edit: Admittedly I doubt they are using that simple of an approach to it but it is possible.

      http://resources.infosecinstitute.com/mitm-using-sslstrip/

21
More in Computers, Hacking, Internet, NSA, Privacy
OFF Pocket Takes Your Phone Off the Grid (Sorry NSA)

I imagine every disinfonaut will be wanting one of these... Josh Dzieza reports on the OFF Pocket for Daily Beast: Haute couture usually makes you stand out, but Adam Harvey and...

Close