January 11, 2014
The British argued that the key length had to be reduced [the longer the key length, the stronger the encryption]. Among other things they wanted to make sure that a specified Asian country should not have the opportunity to escape surveillance.
We still have encryption that is about 1000 times weaker than originally planned.
That means that it probably would have taken a longer time for NSA and others to crack the encryption, and a certain amount of eavesdropping would have been avoided.
In other words, hackers can break into cellphone calls much more easily because British spies intentionally made the encryption 1,000 times weaker than it otherwise would have been.
This isn’t the only example of Western spy agencies destroying security.
The N.S.A. has been deliberately weakening the international encryption standards adopted by developers.
New Scientist reports:
The internet is full of holes. The spy agencies in the US and UK have forced technology suppliers to deliberately weaken security measures in the online computing systems that everyone uses. As a result they may have compromised everybody’s security – since the vulnerabilities can be exploited by anybody who discovers them.
One of the leaked documents reveals that the NSA and GCHQ aim to “insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets”. An “endpoint communications system” simply means a computer, tablet or cellphone.
A top expert in the ‘microprocessors’ or ‘chips’ inside every computer – having helped start two semiconductor companies and a supercomputer firm – says:
He would be “surprised” if the US National Security Agency was not embedding “back doors” inside chips produced by Intel and AMD, two of the world’s largest semiconductor firms, giving them the possibility to access and control machines.
[The expert] said when he learned the NSA had secured “pre-encryption stage” access to Microsoft’s email products via the PRISM leaks, he recognised that “pretty much all our computers have a way for the NSA to get inside their hardware” before a user can even think about applying encryption or other defensive measures.
Documents leaked by Edward Snowden show that the NSA targeted:
Firewalls from Juniper Networks, hard drives from Western Digital, Seagate, Maxtor and Samsung, networking gear from Cisco and Huawei, and servers from Dell [as well as other equipment.]
The NSA also encourages large internet companies to delay patching vulnerabilities, to allow the NSA time to exploit them. In other words, the NSA encourages companies to allow vulnerabilities to remain unfixed.
And the NSA started building in backdoor access to all Windows software by 1999.
Whenever the NSA or GCHQ creates a “backdoor”, it allows all sorts of bad guys in to exploit it.
Spying makes us vulnerable to hackers and other bad guys:
“By weakening encryption, the NSA allows others to more easily break it. By installing backdoors and other vulnerabilities in systems, the NSA exposes them to other malicious hackers—whether they are foreign governments or criminals. As security expert Bruce Schneier explained, ‘It’s sheer folly to believe that only the NSA can exploit the vulnerabilities they create.’”
“[NSA spying] breaks our technical systems, as the very protocols of the Internet become untrusted.
The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn’t between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it’s between a digital world that is vulnerable to all attackers, and one that is secure for all users.
We need to recognize that security is more important than surveillance, and work towards that goal.”
“A team of UK academics specialising in cryptography has warned … that ‘by weakening all our security so that they can listen in to the communications of our enemies, [the agencies] also weaken our security against our potential enemies’….
The biggest risk, they imply, is that civilian systems and infrastructure – perhaps including physical systems such as the power grid – could become vulnerable to attack by state-sponsored hackers who are capable of exploiting the same ‘backdoors’ in software that have been planted there by the western agencies.”
The NSA and GCHQ’s mucking about has made us all less safe …