Bullrun - NSA planting backdoors into cryptography

NSA Welcome to the National Security Agency - NSA/CSS. Conflict of interest. The presence of a conflict of interest is independent of the occurrence of impropriety.

Conflict of interest

Therefore, a conflict of interest can be discovered and voluntarily defused before any corruption occurs. A widely used definition is: "A conflict of interest is a set of circumstances that creates a risk that professional judgement or actions regarding a primary interest will be unduly influenced by a secondary interest."[1] Primary interest refers to the principal goals of the profession or activity, such as the protection of clients, the health of patients, the integrity of research, and the duties of public office.

Secondary interest includes not only financial gain but also such motives as the desire for professional advancement and the wish to do favours for family and friends, but conflict of interest rules usually focus on financial relationships because they are relatively more objective, fungible, and quantifiable. National Institute of Standards and Technology. US & UK spy agencies defeat privacy + security on the internet. US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

US & UK spy agencies defeat privacy + security on the internet

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments. NYT: Unlocking Private Communications - Graphic. N.S.A. Able to Foil Basic Safeguards of Privacy on Web. Documents Reveal N.S.A. Campaign Against Encryption - Document.

ProPublica: The NSA's Secret Campaign to Crack, Undermine Internet Encryption. The National Security Agency headquarters at Fort Meade, Md., in January 2010.

ProPublica: The NSA's Secret Campaign to Crack, Undermine Internet Encryption

(Saul Loeb/AFP/Getty Images) Sept. 6: This story has been updated with a response from the Office of the Director of National Intelligence [2]. The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

Why We Published the Decryption Story. We explain why publishing this story about U.S. and U.K. government efforts to decode enormous amounts of internet traffic previously thought to have been safe is in the public interest.

Why We Published the Decryption Story

Sept. 6: This Closer Look has been updated with a response from the Office of the Director of National Intelligence [1]. ProPublica is today publishing a story [2] in partnership with the Guardian and The New York Times about U.S. and U.K. government efforts to decode enormous amounts of Internet traffic previously thought to have been safe from prying eyes. This story is based on documents provided by Edward Snowden, the former intelligence community employee and contractor. We want to explain why we are taking this step, and why we believe it is in the public interest.

The story, we believe, is an important one. Two possible analogies may help to illuminate our thinking here. The second analogy, while admittedly science fiction, seems to us to offer a clearer parallel. The NSA Is Breaking Most Encryption on the Internet. The new Snowden revelations are explosive.

The NSA Is Breaking Most Encryption on the Internet

Basically, the NSA is able to decrypt most of the Internet. They're doing it primarily by cheating, not by mathematics. It's joint reporting between the Guardian, the New York Times, and ProPublica. I have been working with Glenn Greenwald on the Snowden documents, and I have seen a lot of them. These are my two essays on today's revelations. The US government has betrayed the internet. We need to take it back. Government and industry have betrayed the internet, and us.

The US government has betrayed the internet. We need to take it back

By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards. This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention.

But this is also an engineering problem, and there are several things engineers can – and should – do. Open letter to Guardian + @ggreenwald asking them to reveal compromised encryption. InfoSec generally works to avoid embarrassing the companies.

Open letter to Guardian + @ggreenwald asking them to reveal compromised encryption

Open Letter to Glenn Greenwald. With The NSA, The GCHQ, The FRA Planting Crypto Backdoors In Infrastructure, They Are Now The Enemy Of All Mankind. The security services of the US, UK, and Sweden have been actively working to plant backdoors into most commercial cryptography software.

With The NSA, The GCHQ, The FRA Planting Crypto Backdoors In Infrastructure, They Are Now The Enemy Of All Mankind

While intended for use in wiretapping business secrets, medical journals and bank transactions, those backdoors are also there for any other adversary. Latest Snowden revelation: NSA sabotaged electronic locks. The latest Edward Snowden-powered exposé published by the New York Times, ProPublica and the Guardian is, to me, the most frightening.

Latest Snowden revelation: NSA sabotaged electronic locks

It reveals that the National Security Agency has moved beyond its historic role as a code-breaker to become a saboteur of the encryption systems. Its work has allegedly weakened the scrambling not just of terrorists' emails but also bank transactions, medical records and communications among coworkers. ScienceGuide: All welcome through the back door. 9 September 2013 - Urged by the NSA and GCHQ, technology firms create ‘back doors’, thereby leaving their software vulnerable for snooping by spy agencies and… for anyone else.

ScienceGuide: All welcome through the back door

“All you need is enough computing power.” Following the latest revelation of the Snowden documents, government spy agencies NSA and GCHQ push technology firms to introduce ‘back doors’ to bypass security measures like encryption and passwords. The NSA Has Destroyed All Web Security. We Must Rebuild It. Csoghoian: NSA dropped a massive bomb on Silicon Valley. The economic destruction will be massive... On the (provable) security of TLS: Part 1. If you sit a group of cryptographers down and ask them whether TLS is provably secure, you're liable to get a whole variety of answers. Some will just giggle. Others will give a long explanation that hinges on the definitions of 'prove' and 'secure'. What you will probably not get is a clear, straight answer. In fairness, this is because there is no clear, straight answer. Unfortunately, like all the things you really need to know in life, it's complicated.

MatthewGreen: On the NSA. Let me tell you the story of my tiny brush with the biggest crypto story of the year. A few weeks ago I received a call from a reporter at ProPublica, asking me background questions about encryption. Right off the bat I knew this was going to be an odd conversation, since this gentleman seemed convinced that the NSA had vast capabilities to defeat encryption. And not in a 'hey, d'ya think the NSA has vast capabilities to defeat encryption?' kind of way. No, he'd already established the defeating.

Oddness aside it was a fun (if brief) set of conversations, mostly involving hypotheticals. MatthewGreen: On the NSA. Apology. Dear Matt I write to apologize for any difficulty I caused you yesterday over the post on your blog. I realize now that I acted too quickly, on the basis of inadequate and – as it turns out – incorrect information. I requested that you take down the post without adequately checking that information and without first providing you with an opportunity to correct it. As an academic and as a member of the faculty at Johns Hopkins for 30 years, I am wholly supportive of academic freedom and keenly aware of its centrality to our enterprise. MatthewGreen: On the NSA. Jay Rosen: NSA's next move: silencing university professors? This actually happened yesterday: A professor in the computer science department at Johns Hopkins, a leading American university, had written a post on his blog, hosted on the university's servers, focused on his area of expertise, which is cryptography.

The post was highly critical of the government, specifically the National Security Agency, whose reckless behavior in attacking online security astonished him. Professor Matthew Green wrote on 5 September: Crypto prof asked to remove NSA-related blog post. Matthew Green is a well-known cryptography professor, currently teaching in the computer science department of Johns Hopkins University in Baltimore.

Last week, Green authored a long and interesting blog post about the recent revelations that the National Security Agency (NSA) has, among much else, subverted crypto standards. In his words, "The TL;DR ['too long; didn't read' version] is that the NSA has been doing some very bad things." And Green went on to speculate at some length about what those "bad things" were and what they might mean. OpenSSL: The Open Source toolkit for SSL/TLS.

Microsoft CryptoAPI. The Cryptographic Application Programming Interface (also known variously as CryptoAPI, Microsoft Cryptography API, MS-CAPI or simply CAPI) is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography. Is It the Dawn of the Encryption App? Did the FBI Lean On Microsoft for Access to Its Encryption Software? Cryptographic Standards Statement. NIST's Ridiculous Non-Response Response To Revelation That NSA Controlled Crypto Standards Process.

Bullrun (decryption program). Bullrun (stylized BULLRUN) is a clandestine, highly classified decryption program run by the United States National Security Agency (NSA).[1][2] The British signals intelligence agency Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. Information about the program's existence was leaked in 2013 by Edward Snowden.