Intelligence Black Budget Reveals Major Focus By NSA On Cracking Encryption

from the how-safe-is-your-encryption dept

Thu, Aug 29th 2013 4:11pm — Mike Masnick

There are lots of people digging through the latest Ed Snowden leaks concerning the black budget for intelligence activities in the US trying to pick out various nuggets. Over at Wired, Kevin Poulsen has found one of the most interesting tidbits, highlighting how James Clapper cheers on the "groundbreaking cryptanalytic capabilities to defeat adversarial cryptofgraphy and exploit internet traffic." In short, the NSA has gotten pretty good at breaking encrypted communications. Encryption is a strong protector, but can be broken -- and that's always been a part of the NSA's mission: code-breaking. But, there have long been questions about to what level the NSA can break today's popular encryption standards. What today's leaks show is that they're apparently pretty successful and are spending more and more money on it:

The pie chart above? That's $11 billion and it employes 35,000 people. Breaking your encryption. As Poulsen notes, James Bamford (who has followed the NSA closely for years) revealed last year that the NSA had recently made an "enormous breakthrough" in cryptanalysis, and this should raise some questions about just how secure various forms of encryption really are today.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: black budget, encryption, nsa, nsa surveillance, spying, surveillance

33 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 29 Aug 2013 @ 4:34pm

CryptoWars Episode II
[ link to this | view in chronology ]
Namel3ss (profile), 29 Aug 2013 @ 4:35pm

Wow, the farther we fall down the rabbit hole...
The more I realize what a service Snowden did for the American public. Hats off to you Ed, wherever you are.

The genie is so far out of the bottle, the govt should just give up and come clean already. They're never getting this genie back in there.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

Anonymous Coward, 29 Aug 2013 @ 4:46pm

Georgia Institute of Technology rocked the higher education world when it announced plans to offer a fully online master�s degree in computer science for roughly one-seventh the price of its on-campus equivalent � less than $7,000.

Read more: http://blog.credit.com/2013/08/the-7000-masters-degree-scaring-colleges/#ixzz2dPABS1Fn
[ link to this | view in chronology ]
blaktron (profile), 29 Aug 2013 @ 5:29pm

Are my paranoid tweets starting to sound a lot less paranoid Mike?
[ link to this | view in chronology ]
Rikuo (profile), 29 Aug 2013 @ 5:31pm

Where's the part about some of that black budget going towards developing a nuclear-armed bipedal robot out in the Fox Archipelago off the coast of Alaska?
[ link to this | view in chronology ]
Daniel Joseph Calvanese (profile), 29 Aug 2013 @ 5:46pm

[SPOILERS]
I wouldn't be surprised if the next leak says that some secret agency self-funds through drug trafficking. We already knew that, but for some reason... it's news!

The NSA is spying on everyone, saving everything ever sent, and trying to break cryptography everywhere it is. This is news? No, this is history. We've been bullying countries for decades, getting into wars on false premises, obliterating our own middle class, hunting down a benign plant (which happens to be winning), blah blah prison industrial complex, and on and on and on. I mean, seriously, if someone blows up your neighbor for profit and then says 'trust us we will be good,' then explodes the next town over, and then the next country, do you really think they will show some restraint when you come under the microscope? Are these revelations really the kinds of things we should be surprised about?

What I'm trying to say is this: I don't believe for a second that Edward Snowden is genuine. Look up the term 'limited hangout,' and then ask yourself what Snowden has revealed that we didn't already know. The only difference between pre-snowden and post-snowden worlds is that the establishment isn't even bothering with chicanery anymore. They are just out in the open with several contradictions at once, and the masses don't care.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Aug 2013 @ 8:30pm
  
  Re: [SPOILERS]
  I have maintained this viewpoint from the beginning of this ruse.
  [ link to this | view in chronology ]
Uriel-238 (profile), 29 Aug 2013 @ 5:57pm

We're going to need a bigger codec.
So, does this mean my notion of encouraging everyone to encrypt everything isn't going to force them to triage?

Well, I'm embarrassed.
[ link to this | view in chronology ]
arcan, 29 Aug 2013 @ 6:21pm

this is why my computer is encrypted with the most secure protocol i could find and has a password that well over 50 characters in length. It simply isn't worth the time and effort to break.
[ link to this | view in chronology ]
- Anonymous Coward, 29 Aug 2013 @ 6:32pm
  
  Re:
  Seriously, I haven't kept anything on a computer that isn't already available to the gov't (tax returns, my accounting and a butt load of LOL-Cats).
  [ link to this | view in chronology ]
  - mattarse (profile), 29 Aug 2013 @ 6:50pm
    
    Re: Re:
    Add gifs of lolcats to your tax returns just to confuse them when they do read it.
    [ link to this | view in chronology ]
- Anonymous Coward, 30 Aug 2013 @ 12:32pm
  
  Re:
  Especially not your data, I'd presume.
  [ link to this | view in chronology ]
Anonymous Coward, 29 Aug 2013 @ 6:45pm

I bet the NSA is working on cracking HTTPS. It's a surprisingly vulnerable protocol, actually; most sites that use HTTPS don't support the latest encryption protocol, TLS 1.2, which removed several vulnerabilities, and even TLS 1.2 could be vulnerable due to RC4's weaknesses.
[ link to this | view in chronology ]
- blaktron (profile), 30 Aug 2013 @ 8:26am
  
  Re:
  If they can unravel long keychains, the protocol specifics won't matter. Thats the real threat, if they can break 256 bit encryption on a 2048 bit key in any useful amount of time then the specifics of HOW something is encrypted become less important.
  [ link to this | view in chronology ]
- Anonymous, 30 Aug 2013 @ 1:32pm
  
  Re:
  Are you sure they haven't already cracked it?
  [ link to this | view in chronology ]
Uriel-238 (profile), 29 Aug 2013 @ 7:05pm

Intel
We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic. -- Clapper

NSA is getting a Vesuvius or D-Wave Two quantum computing system built into the Utah facility according to this. Quantum computers can rapidly break down public key cryptography since it can quickly factor down large numbers to their respective primes.

I think this means they don't have this capability yet. I wouldn't depend on that as a certainty, though.

So the future is here. And we still need to work out cryptography that, while not necessarily impenetrable, is still a bother enough to make it impossible for the NSA (or for anyone) to engage in deep-packet-analysis of every incident they encounter. Even poor encryption that they have to triage is going to serve to slow their intelligence-gathering efforts.

== == ==

Encrypted with Morbius-Cochrane Perfect Steganographic Codec 1.2.001
accident fungus golf elastic laser fire apple pie chime
[ link to this | view in chronology ]
- Anonymous Coward, 29 Aug 2013 @ 7:38pm
  
  Re: Intel
  What will the US military will do once its enemies have learned to break existing cryptographic algorithms? Do we enter a new cryptography arms race, or does the US government give up and transmit everything in the clear?
  [ link to this | view in chronology ]
  - Richard (profile), 30 Aug 2013 @ 3:50am
    
    Re: Re: Intel
    What will the US military will do once its enemies have learned to break existing cryptographic algorithms?
    
    They will use Quantum Cryptography. Quantum cryptography, done properly, is theoretically unbreakable.
    [ link to this | view in chronology ]
    - blaktron (profile), 30 Aug 2013 @ 10:49am
      
      Re: Re: Re: Intel
      Although the entire principle of it has been shattered because there is no real way to secure the common time source required by the endpoints (unless we all start putting gravity-calibrated atomic clocks in all our PCs).
      [ link to this | view in chronology ]
    - Andrew D. Todd, 30 Aug 2013 @ 11:51am
      
      Slowly Delivered Key, Rapidly Delivered Message. (to: Richard, #27)
      Here is an observation: if you know someone well enough to have secrets with them, you can generally arrange to transmit symmetric (private) cipher keys by other means than electronic communications.
      
      For example, Laura Poitras, in Germany, can find, say, twenty different people who travel back and forth between Germany and Brazil, by various routes, and who are willing to hand-carry a letter to Glen Greenwald. Ideally, many of these couriers should be persons of such repute and standing that interfering with them has major ramifications (eg. people with diplomatic status). Others should be totally obscure people, recruited by circuitous methods, typically students (eg. a young man whose girlfriend's brother is one of Laura Poitras's disciples, and who is doing it for his girlfriend, not for any political conviction). Each letter contains one or more unique symmetric (private) cipher keys, of abundant strength. On receipt of these twenty letters, or such of them as have not been intercepted and seized or destroyed, Glen Greenwald can XOR the keys together to form a key which is at least as secure as the key which was most securely transmitted. He can disclose publicly which keys he is using, to be sure that the message gets back to Laura Poitras. The requisite key strength can be obtained by multiple passes of multiple different ciphers, with a different key for each pass. It ought to be possible to get 500 bits effective strength without too much difficulty. Alternately a "letter" could always include a DVD or a memory stick, in which case a once-only-cipher might be feasible. It's all a question of how paranoid you feel.
      
      http://security.stackexchange.com/questions/2900/doubling-up-or-cycling-encryption-algorith ms
      http://en.wikipedia.org/wiki/Triple_DES
      http://en.wikipedia.org/wiki/Meet-in-the-middle_attack
      [ link to this | view in chronology ]
- Anonymous Coward, 29 Aug 2013 @ 9:43pm
  
  Wrong kind of quantum computer for that
  D-Wave's computers are not classical quantum computers. They are designed to solve certain kinds of NP-complete optimization problems quickly, but no one knows how this could be used to break currently-used public-key encryption schemes.
  [ link to this | view in chronology ]
- aldestrawk (profile), 29 Aug 2013 @ 10:30pm
  
  Re: Intel
  Elsewhere in the document it is mentioned that research into quantum computing is a priority.
  [ link to this | view in chronology ]
- aldestrawk (profile), 29 Aug 2013 @ 11:28pm
  
  Re: Intel
  I just took a look at your mind-computer website link. I am rather skeptical about the information there. First off, they claim the D-wave two is going to the Utah Data Center. This is based on the Lockheed contract for one. There is one going to NASA Ames research center in Mountain View, CA in collaboration with Google (ootb where are you?). The NSA has said, in the document referenced by this article, that research into quantum computing is a priority. So, it is likely they are dealing with D-Wave. But the web site looks like it is inventing a connection between Lockheed's purchase and the NSA's Bluffdale facility without any evidence. This kind of sloppy, speculative writing continues.
  
  They mistake the order of complexity of the traveling salesman problem as O(2^n), when it is O(n!) or, at best, O(n�2^n) using the Held-Karp algorithm.
  
  The claims of the capability of the D-Wave 2 system are ridiculous and not at all what D_wave claims. I, personally find the claim:
  
  Enables the computer to completely reconstruct the human brain�s cognitive processes and teach itself how to make better decisions and better predict the future based.
  
  to be especially absurd (I have a degree in psychobiology and am very much interested in brain function and artificial intelligence).
  
  I am sorry to be so dismissive without fully reading the whole website, but it doesn't look like a useful resource.
  
  Given that, it does seem that the NSA is very much interested in quantum computing but this was probably not related to the "enormous breakthrough" in cryptanalysis that Bamford mentioned.
  [ link to this | view in chronology ]
  - Richard (profile), 30 Aug 2013 @ 2:59am
    
    Re: Re: Intel
    The claims of the capability of the D-Wave 2 system are ridiculous
    Quantum computing has been ridiculously overhyped. This is especially worrying for those of us who find it interesting because of the inevitable backlash that will follow.
    
    One point of relevance here is that the D wave computer is NOT capable of running Shor's algorithm and hence is not capable of cracking RSA encryption.
    [ link to this | view in chronology ]
- Anonymous Howard (profile), 30 Aug 2013 @ 2:34am
  
  Re: Intel
  They're building the fuckin' Skynet
  [ link to this | view in chronology ]
New Mexico Mark, 29 Aug 2013 @ 7:12pm

Wait a minute
Isn't that top secret slide just budgetary metadata?
[ link to this | view in chronology ]
- Anonymous Anonymous Coward, 29 Aug 2013 @ 7:28pm
  
  Re: Wait a minute
  And look what it reveals!
  [ link to this | view in chronology ]
Anonymous Coward, 29 Aug 2013 @ 7:51pm

In bed with the enemy
"The Post said it withheld the rest, and kept some information out of its reporting, in consultation with the Obama administration to protect U.S. intelligence sources and methods."

Why is the Washington Post seeking help from the Obama administration on what not to publish? Don't publish anything that would put people's lives in jeopardy, but don't go asking the person whose dirty laundry you're exposing about which bits of laundry to expose.

I think this explains why the Washington Post hasn't been harassed as much as the folks at The Guardian.
[ link to this | view in chronology ]
- Anonymous Anonymous Coward, 29 Aug 2013 @ 8:17pm
  
  Re: In bed with the enemy
  Just what constitutes sources and methods? Doesn't the fact that the NSA (and others) collect ALL electronic (voice and text and video) pretty much cover everything, except the humint (human generated intelligence)? Keep those folks secret if you must. The rest is currently public knowledge.
  
  Oh, oh, I know. If we (the government) don't admit it, it does not exist.
  [ link to this | view in chronology ]
Uriel-238 (profile), 29 Aug 2013 @ 10:17pm

That would be delightfully stupid of the NSA, then...
...if the Vesuvius is not what they think it is. Maybe they can donate it to NASA.

But I would wager that breaking public-key encryption is for what they want a quantum computer, rather than a superfast number cruncher.
[ link to this | view in chronology ]
Uriel-238 (profile), 29 Aug 2013 @ 11:45pm

Oh yes, please, tell me I'm wrong.
Thanks, aldestrawk. While a tech-geek, my eyes still glaze over whenever they start talking about qubits.

I'd really rather cryptanalysis of contemporary cyphers not exceed the rate at which we adopt and standardize new ones, and they seem very eager to decrypt everything with no concern as to who they target.

This isn't going to go away, even if we completely defund the NSA: we end-users need strong encryption, and we need everyone to be in the habit of using it.

It bring back the question of what is the enormous breakthrough.
[ link to this | view in chronology ]
- Richard (profile), 30 Aug 2013 @ 1:47am
  
  Re: Oh yes, please, tell me I'm wrong.
  It bring back the question of what is the enormous breakthrough.
  
  Probably not that significant - but you need to demonstrate some success in order to maintain funding.
  [ link to this | view in chronology ]
RyanNerd (profile), 30 Aug 2013 @ 5:35am

Old School
Being the old man that I am I remember when encryption was considered munitions. No really it was.
When it was no longer considered munitions is when (in my opinion) that the NSA had cracked the RSA encryption standard.
[ link to this | view in chronology ]