The compilation of sensitive data secreted out of the NSA by Edward Snowden continues to be a big thorn in the side of spying agencies. Recent disclosures in Der Spiegel, the newspaper that has leaked the majority of the Snowden information, reveal several programs that the NSA has found to be very difficult, or totally impossible, to decipher. The information is complete as of late 2012, so the NSA may have already overcome these limitations, but the information is interesting.
Some emails are still indecipherable, notably those sent through the Zoho encrypted email service. The NSA has also noted that following targets across the Tor network is difficult to impossible, which means it works as advertised. The NSA has been very proactive in its dealings with encryption programs, primarily by working with vendors and committees to have backdoors installed into the major encryption programs before they are even released to the public. One of the most surprising findings is that TrueCrypt, an open-source program, is largely safe for encrypting data. The NSA apparently didn't have as much luck penetrating an open-source project, which isn't entirely surprising considering the peer-reviewed nature of open-source programs. It would be hard to insert a secret back door into a program that is actively worked on by a large group of people without company/government affiliations. PGP encryption tools and OTR chat encryption were also notable exceptions to the NSA's decryption schemes.
The revelations also contained some information on services that are easy prey for the NSA. VPNs are of little help, and the agency has already outwitted the HTTPS system. The NSA was grappling with AES encryption in late 2012, but had yet to make a breakthrough. The NSA's focus on AES means it is likely they have since cracked it, so users beware.
The majority of the programs easily cracked by the NSA are still very safe against typical hackers and bad actors. One would have to be under the scrutiny of the NSA, or another agency with incredible resources, to worry about their BitLocker-protected files, for instance. The NSA intercepts millions, and perhaps billions, of communications each year. However, intercepting them and decrypting them are two different undertakings entirely. It is likely that the NSA only decrypts difficult data from individuals or entities they have an active interest in.