Maybe you are thinking of the fact that the NSA was able to influence RSA’s use of a purposefully flawed random number generator used in encryption.
Basically it made it so the NSA could break the encryption of anyone using RSA’s software, which is widely used.
Possibly the other thing you are referring to is the PRISM program which apparently allows for access to user data on company’s servers and communications (Apple, Google, MS, etc.)
Heck, the whole B side comes across as some kind of conspiracy plot…
Back Door Man
I Looked at You
End of the Night
Take It as It Comes
The End
I remember recent news stories about the UK (and of course it would be the UK) threatening to ban applications like SnapChat unless they build in a back door for government invesigators. The major software companies, to their credit, appear to have collectively responded by saying “Fuck you.”
So really, you can’t say this is tinfoil hat stuff, because we have governments openly attempting to create such backdoors.
True – while there’s no real evidence officially installed backdoors (as opposed to the exploitation of accidental bugs) currently exist, the threat certainly does.
The latest development in the UK is a minister (who is apparently shameless enough to pose with a cute little kitten in the picture accompanying the article) whining about the mean old experts who think they know better just because they studied up on this stuff:
By this reasoning, when Thom Tillis suggested making it optional for food servers to wash their hands after using the toilet and public health experts concluded that he was a lunatic and/or an idiot, they should have met halfway and agreed that it was sufficient to wash one hand.
The “backdoors everywhere” has been a routine conspiracy theory. Of course, if it were there, the NSA would not need to reroute shipments specifically to install backdoors.
Also note:
They can’t read your computer automatically, but they can follow anything you do online…
The “down to the keystroke” probably means that when the google suggestions get updated for each keystroke, they see that.
Back in the nineties, the government wanted to put a chip called (yes! You guessed it!) the Clipper in all computers. The Clipper would encrypt all e-mail sent from a computer. The government would retain the key to the Clipper and would also be able to read any e-mail you sent. This was not some secret program. Articles on the Clipper could be seen on the local news and read in all the papers.
Then, some hacker group (I forget if they identified themselves) cracked the Clipper and published the key. This, of course, made the Clipper useless and not one was ever installed.
What can we learn from this?
No such back door would last more than a few days. Hackers and IT professionals all over the world would be looking for it. Once they found it, somebody would post it all over the web.
[QUOTE=DocCathode]
Back in the nineties, the government wanted to put a chip called (yes! You guessed it!) the Clipper in all computers.
[/QUOTE]
With all of the tech people in the San Francisco area, I’m amused that the transportation commission decided to call the One Card for All Transit system Clipper.
Got any cites for that? My memory, Wikipedia, and EPIC (a major opponent of Clipper at the time) say Clipper was for voice (not email) and failed to be adopted on (a) principle (people don’t trust government key escrow) and (b) protocol weaknesses that meant the key escrow wouldn’t actually work (not that any key got revealed by hackers).
There are still such devices being manufactures in the US?
Seems to me that everything electronic that I have bought lately is made in the Far East, mostly China. So just that makes me question the accuracy of this quote.
Ever hear of Cisco?
Very high end stuff yes. Oracle (nee Sun), HP, IBM - the big iron that has been used to run the high end of town is still manufactured in the US. But if it has an x86 chip in it, rather than say Power, Sparc, Itanium, even the server stuff is largely PRC or Taiwan. Very high end x86 may still be US. Assembly of the final product tends to be.
There was a time when these guys ruled the roost in servers right down to pretty small fry, and installing extra hardware would have been an entry into very high value targets. Still a possible way to get to things like email, but the cloud of services is pretty much built out of x86 boxes now - and companies like Google actually roll their own - so essentially zero chance for clandestine interception.
Basically you mean, is there any protection from the US government and the NSA? Just the constitution [ …must keep straight face… ]
Edward Snowden was able to hack the NSA’s computers. I think it is safe to say that if the US government needed to hack your computer, they could. But this isn’t something readily available, and a sufficiently smart sysadmin could make it next to impossible for anyone short of the NSA. Consider that a sysadmin of the City of San Francisco a few years back refused to turn over passwords and was jailed for contempt until he did. That was not sufficient to flush out the NSA’s abilities.
If you don’t want your computer hacked, never hook it up to the internet, and never let anyone else near it. Have a removable hard drive that you can hide that has your data on it.
The government’s latest twisting over Apple encryption is a losing battle. The encryption can be broken, but the resources for each instance are probably enormous. The government likes to go through absolutely everything in cyberspace and data mine it. Not that such efforts gave them any clue about the Boston Marathon bombers prior to the act.
Snowden didn’t really hack the computers. He was a contractor with all the needed passwords. Which goes to the core of all security questions. The vast majority of security breaches, and successes by government agencies in their operations, are human, not technical.
That’s what we have been told, and we don’t have any reason to believe that Snowden can crack truly encrypted stuff. But the NSA probably can do such a thing. I think that there is great worry that Snowden stole the methods of conducting the decryption, possibly the program.
In general it is assumed that no such program can be written. If it were possible it would mean that the encryption method had a major flaw, or deliberate backdoor. If there is no flaw or backdoor breaking the encryption involves massive computation, of world class supercomputer complexity. Even then, many of the more robust encryptions are proof against this. (This isn’t to say that the NSA doesn’t own such massive supercomputer power - it is generally assumed that they do - and also assumed that it is successfully used on a routine basis for attacking encryption that uses less robust methods. Many encryption systems still in use are subject to such attack, so it is probably worth their while.)
The existence of a simple program - one that Snowden could steal - that could break important encryption methods - would be vastly, vastly, more important and newsworthy than the entire content of all the stuff he did steal. It would be one of the most important security breaches of all time. He would certainly understand that. If such a program did exist you can be sure that it would not be rattling about on the general classified machines. It would be inside an isolated facility, with no external communications, and with armed guards at all the doors, and so utterly secret that most members of the NSA and security forces would never get a hint of its existence.
It is hard to imagine the utter chaos and mayhem the release of such a program to the world would cause across the entire planet.
I’ve assumed for a long time that the key encryption method commonly touted as unbreakable has some exploit from math unknown to mathematicians outside the NSA. I’ve seen the math a long time ago suggesting that 256 bit encryption would take trillions of years to break and using 1024 bit is been the minimum industry standard for quite a while now, with military using up to 4128 bit. Which should make anything but a social hack impossible due to the assumed unbreakable nature. I think the NSA mathematicians have made all that possible, and it has not been made public. It would still require enormous resources. I think those resources come in the form of distributed computing, namely, bitcoin, which seems a way to track criminal activity and put the best independent minds in computing on the problem. Yes, I’m nutty enough to think bitcoin is a NSA operation that uses vast worldwide computer resources for pretend bucks that pay a few cents on the dollar to just a few verifyers. But I’m nuts.
Just because I don’t understand something, doesn’t mean it can’t be done.
I have tried a dozen times, I have the information in my computer but I cannot seem to get it from my computer to this message board. Any suggestions?
The trouble with this is that there are man more mathematicians outside the NSA than in, and the USA doesn’t exactly have a mandate on smart people. Finding cracks in the encryption algorithms is a big deal, and lots of people have looked long and hard. The odds are against the NSA having been lucky enough to find the crack that no-one else could. Possible, and a great subject for conspiracy theorist, but it really would be dumb luck that they had done so.
The code for bitcoin is open - we know exactly what it does - and whilst it is related to encryption mathematics - it isn’t breaking encryption.
Personally I have deep suspicions that other supposedly secure systems (particularly TOR) were compromised from the outset.
Rather than just put this in such very nebulous terms, say exactly what it is you are trying to do. Step by step. What information, what sort, how big, what it is you try to do, what happens. Just saying you “cannot” makes it sound more likely user error than anything.
This forum is not set up to take anything other than the text you type into the box. You can’t upload because this forum doesn’t support it. Not for anyone, or for anything. You can provide links (ie URLs) which can refer to content elsewhere, but that meeds to be on some other universally accessible server, not on your personal machine.