Skip to main content

Reports: NSA has cracked much online encryption

By Peter Wilkinson and Laura Smith-Spark, CNN
September 6, 2013 -- Updated 1739 GMT (0139 HKT)
The NSA has been able to unscramble much of the encoding that keeps people's personal data safe online, reports say.
The NSA has been able to unscramble much of the encoding that keeps people's personal data safe online, reports say.
STORY HIGHLIGHTS
  • NEW: This is the most important leak to date from Edward Snowden, an analyst says
  • Reports: NSA and GCHQ have cracked much of the encryption protecting online data
  • The agencies have secret partnerships with technology companies, the reports say
  • The encryption safeguards data including e-mails, banking systems and medical records

(CNN) -- The U.S. National Security Agency has secretly succeeded in breaking much of the encryption that keeps people's personal data safe online, according to reports by The New York Times, The Guardian and ProPublica.

The reports, produced in partnership and published Thursday, are the latest to emerge based on documents leaked by former NSA contractor Edward Snowden to Britain's Guardian newspaper.

According to the reports, the NSA, alongside its UK equivalent, Government Communications Headquarters, better known as GCHQ, has been able to unscramble much of the encoding that protects everything from personal e-mails to banking systems, medical records and Internet chats.

The agencies' methods include the use of supercomputers to crack codes, covert measures to introduce weaknesses into encryption standards and behind-doors collaboration with technology companies and Internet service providers themselves.

"Through these covert partnerships, the agencies have inserted secret vulnerabilities -- known as backdoors or trapdoors -- into commercial encryption software," The Guardian says.

Jonathan Pollard is a divisive figure in U.S.-Israeli relations. The former U.S. Navy intelligence analyst was caught spying for Israel in 1985 and was sentenced in 1987 to life imprisonment. The United States and Israel are discussing his possible release as part of efforts to save fragile Middle East peace negotiations, according to sources familiar with the talks. Click through the gallery to see other high-profile leak scandals the United States has seen over the years. Jonathan Pollard is a divisive figure in U.S.-Israeli relations. The former U.S. Navy intelligence analyst was caught spying for Israel in 1985 and was sentenced in 1987 to life imprisonment. The United States and Israel are discussing his possible release as part of efforts to save fragile Middle East peace negotiations, according to sources familiar with the talks. Click through the gallery to see other high-profile leak scandals the United States has seen over the years.
Sharing secrets: U.S. intelligence leaks
HIDE CAPTION
<<
<
1
2
3
4
5
6
7
8
9
10
>
>>
Sharing secrets: U.S. intelligence leaks Sharing secrets: U.S. intelligence leaks
Why are Brazil, Mexico angry with NSA?
NSA surveillance revelations
NSA accused of illegal surveillance

The Guardian cites a 2010 GCHQ memo that it says describes a briefing on NSA accomplishments given to GCHQ employees.

"For the past decade, NSA has lead (sic) an aggressive, multi-pronged effort to break widely used Internet encryption technologies," the memo reportedly says. "Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."

A second memo is quoted as saying that when the British analysts, who often work alongside NSA officers, were first told about the program, "those not already briefed were gobsmacked."

Another document states that GCHQ has been working to find ways into the encrypted data sent via four big Internet firms, Google, Yahoo, Facebook and Microsoft's Hotmail, the reports claim.

GCHQ told CNN it had no comment on The Guardian report.

The reports claim that the NSA worked to develop more covert ways of unscrambling online data after losing a public battle in the 1990s to insert a government "back door" into all programming.

'Foundation of web security'

Computer security expert Mikko Hypponen believes the revelation is the most important leak to date from Snowden.

"It may not have gained as many headlines as some of his other stories, because most people don't understand how crypto systems work. If indeed U.S intelligence does indeed have such a wide range of systems, then I'm surprised," he told CNN.

Crypto encryption is relevant to everyday applications that everyone uses, for example in communications and transactions, he said. "Now we learn that the foundation of web security has been compromised."

Hypponen, the chief research officer for F-Secure, said he believes the NSA and GCHQ had probably cracked the encryption by placing moles in key companies at key locations. "Any major service provider must have sizable amounts of moles from intelligence agencies. Remember that the NSA has 35,000 people working for it," he said.

"The ordinary user should not be worried by these revelations -- it's obvious that intelligence agencies are not interested in hacking financial transactions -- but they should be outraged."

He suggested those outside the United States should be the most concerned.

"How many U.S. politicians use French cloud-services? Almost none. But how many French politicians use U.S. cloud services? All of them," he said. "Remember that 96% of the planet's inhabitants are foreigners to the United States, so it's wrong that the U.S. has a legal right to access foreign communications."

Public concern

The scope of hidden U.S. surveillance programs has been brought to public light through leaks to media outlets by Snowden, who fled the United States and is now in Russia under temporary asylum. He faces espionage charges.

The revelations have led many Americans, according to polls, to harbor skepticism about the NSA programs. They've also generated concern in Congress as well as from privacy groups and libertarians.

Last month, President Barack Obama sought to allay people's unease over the work of the intelligence agency in an interview with CNN "New Day" anchor Chris Cuomo.

Obama said he was confident no one at the NSA is "trying to abuse this program or listen in on people's e-mail." The president chalked much of the concern with domestic snooping on changes in technology.

"I think there are legitimate concerns that people have that technology is moving so quick," Obama said. "What I recognize is that we're going to have to continue to improve the safeguards and as technology moves forward, that means that we may be able to build technologies that give people more assurance."

CNN's Bharati Naik contributed to this report.

ADVERTISEMENT
Part of complete coverage on
Data mining & privacy
June 23, 2013 -- Updated 1425 GMT (2225 HKT)
He's a high-school dropout who worked his way into the most secretive computers in U.S. intelligence as a defense contractor.
March 12, 2014 -- Updated 1643 GMT (0043 HKT)
A federal judge has refused the Obama administration's request to extend storage of classified NSA telephone surveillance data beyond the current five-year limit.
March 10, 2014 -- Updated 0044 GMT (0844 HKT)
From his sanctuary in the Ecuadorian embassy in London, Julian Assange said that everyone in the world will be just as effectively monitored soon -- at least digitally.
March 11, 2014 -- Updated 0039 GMT (0839 HKT)
In a rare public talk via the Web, fugitive NSA leaker Edward Snowden urged a tech conference audience to help "fix" the U.S. government's surveillance of its citizens.
August 2, 2013 -- Updated 0355 GMT (1155 HKT)
The White House is "very disappointed" that National Security Agency leaker Edward Snowden has been granted temporary asylum in Russia.
December 10, 2013 -- Updated 1357 GMT (2157 HKT)
Spies with surveillance agencies in the U.S. and U.K. infiltrated video games like "World of Warcraft" in a hunt for terrorists "hiding in plain sight" online.
August 2, 2013 -- Updated 1139 GMT (1939 HKT)
Bradley Manning and Edward Snowden both held jobs that gave them access to some of their country's most secret and sensitive intelligence. They chose to share that material with the world and are now paying for it.
August 1, 2013 -- Updated 1435 GMT (2235 HKT)
The NSA's controversial intelligence-gathering programs have prevented 54 terrorist attacks around the world, including 13 in the United States.
August 1, 2013 -- Updated 1854 GMT (0254 HKT)
You've never heard of XKeyscore, but it definitely knows you. The National Security Agency's top-secret program essentially makes available everything you've ever done on the Internet.
August 18, 2013 -- Updated 1304 GMT (2104 HKT)
You may have never heard of Lavabit and Silent Circle. That's because they offered encrypted (secure) e-mail services, something most Americans have probably never thought about needing.
July 24, 2013 -- Updated 1854 GMT (0254 HKT)
"Any analyst at any time can target anyone. Any selector, anywhere ... I, sitting at my desk, certainly had the authorities to wiretap anyone."
July 2, 2013 -- Updated 1356 GMT (2156 HKT)
President Barack Obama responds to outrage by European leaders over revelations of alleged U.S. spying.
April 1, 2014 -- Updated 1448 GMT (2248 HKT)
Browse through a history of high-profile intelligence leaking cases.
July 2, 2013 -- Updated 1437 GMT (2237 HKT)
Former President George W. Bush talks Snowden, AIDS, Mandela and his legacy.
June 26, 2013 -- Updated 1304 GMT (2104 HKT)
Edward Snowden took a job with an NSA contractor in order to gather evidence about U.S. surveillance programs.
June 19, 2013 -- Updated 1047 GMT (1847 HKT)
With reports of NSA snooping, many people have started wondering about their personl internet security.
August 14, 2013 -- Updated 1352 GMT (2152 HKT)
Click through our gallery to learn about other major leaks and what happened in the aftermath.
June 9, 2013 -- Updated 2002 GMT (0402 HKT)
What really goes on inside America's most secretive agency? CNN's Chris Lawrence reports.
ADVERTISEMENT