USA NSA Internet exploits

Status
Not open for further replies.
Recently, it was discovered from documents leaked from Edward Snowden, that the US NSA (United States National Security Agency) have been aggressively trying to break through common encryptions that are used by private citizens trying to remain private. The NSA has been using taxpayer money to build super-computers and advanced decryption programs to hack into emails, private voice conversations, and a wealth of private data. There reach has gotten to the point where they have been influencing (bribing) software companies to insert backdoors (or hidden weaknesses) into their encryption programs so that the Government can spy on your private business. VPNs have been compromised as well.

So far, it has been confirmed that the NSA has been able to break through HTTPS, SSL, and a couple of other common encryption methods (I'm not sure if AES is still safe, it's a pretty convoluted encryption). Even though they have been able to get through these protocols, most bit-wise encryption algorithms are still safe.

Personally, I'm appalled by this blatent and malicious attack on the freedom of US citizens. Even though I have nothing to hide, the government doesn't need to peek into my private data, and I believe that infringes on personal freedom. Even though this supposably is to help fight terroism, the goal of the project is to target common citizen's data and they are catagorized as 'adversaries' in the document that was leaked that provided us with this information. So apparently the common man is now an enemy to the government, why am I not surprised.

The full article is here:
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

-------------------------------------------------------------------------------------------------------------------------

After considering the nature of this thread, I thought I should define some things for people that are not technologically inclined, I don't want to sound like a computer teacher in school, but if you don't understand an acronym, the explanation is here:

encryption: Encryption is applying a secret code to data so it is jibberish unless you have the password (key) to turn it back into the original data. Encryption is used over the internet to make sure that hackers can't get your bank account number, get passwords, etc.

HTTPS: This is a special communication to get webpages using encryption so your activites remain safe on the internet. It is usually used when accessing Paypal, bank websites, etc.

SSL: This is another special communication for other kinds of internet applications, usually used for important commercial business, so it is important this stays safe.

VPN: This is a Virtual Private Network, it essentially is a way for you to do business at home or log into a network (business, school, etc) to do work.

AES: Advanced Encryption Standard, this is a very powerful encryption method that is very hard to crack.

Black-Hat: A hacker, or someone who uses their computer knowledge for illegal monetary gain, or gets their kicks from ruining other people's computers.

Cryptography: This science of encryption or cyphers.

Edward Snowden: A US government worker that leaked documents that contained information about the NSA's actions we are talking about now. He is currently in Russia and is unable to return to the US.
 
Last edited:

Ricardo

Dead Guybrush in netgames
[...]the goal of the project is to target common citizen's data and they are catagorized as 'adversaries' in the document that was leaked that provided us with this information. So apparently the common man is now an enemy to the government, why am I not surprised.

Be careful not to take everything at face value, especially if what is available to you is just the news report instead of the original NSA document.

For example, "adversary" is a common term used in cryptography and internet security in general (see here), so it is possible that the original document simply refers to an adversary as an entity that attacks or is a threat to a system, instead of just any user.

Interestingly, from the perspective of the private services in which the NSA allegedly introduced backdoors in their systems against their will, the NSA is an adversary.
 
Well, I'm satified that the only effective weapon used against hacking, packet-sniffing, and cyber-terroism has now been effectively corrupted by the government all in the name of 'security'. So essentially most finantial and other critically private transmissions are now up for grabs once the black-hat community finds the vulnerabilities. Bit-wise encryption and encryption protocols were the only thing keeping the internet slightly safe (if that). Now how can we be sure Paypal accounts, bank account, etc are safe when we access them? Especially seeing that HTTPS was targeted as well as SSL and VPN's, private business information and bank information (which both should be kept critically private) are at risk.

Screw this, this is like Y2K all over again, except this was intentional.
 

Cinefast

32 kilowords of core!
Most of these exploits are not based at all on actually cracking the mathematical basis of these encryption algorithms, but rather, on subtleties of implementation, human error, and so forth. It's much the same as with when the news that "TOR ISN'T SECURE!" took the net by storm. For the most part, if you understand what you're doing, you'll be safe.

Of course when dealing with third parties this is a different story. But it would be foolish to have trust in these centralized services beyond what you can reasonably afford.
 
Status
Not open for further replies.

Who is viewing this thread (Total: 1, Members: 0, Guests: 1)

Top