Intelligence agencies in the U.S. and the UK have massively-funded programs, which have cracked technology used to encrypt online communications and other services such as email, chats, Internet banking, and business and medical records, according to classified documents obtained by Edward Snowden and reported by The Guardian.
The U.S. National Security Agency, or NSA, and its UK counterpart, Government Communications Headquarters, or GCHQ, have breached the guarantee that online transactions, communications and records that are encrypted cannot be accessed by external entities, according to the report, which also reveals that NSA achieved a breakthrough in 2010 in cracking encryption technologies, leading to “vast amounts” of Internet traffic to come under the NSA’s scanner.
“For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies,” a 2010 GCHQ document said, according to The Guardian. “Vast amounts of encrypted internet data which have up till now been discarded are now exploitable.”
NSA earmarks more than $250 million a year on a program, which “covertly influence” encryption and security designs and products of technology companies, to “insert vulnerabilities into commercial encryption systems,” among other objectives, according to the documents.
NSA’s funding for the program against encryption is drastically higher than the costs of Internet surveillance program PRISM, which operates on $20 million annually, the newspaper reported.
The agencies have adopted extensive measures to gain access to encrypted Internet traffic, including covertly ensuring that they have control over global encryption standards, and using supercomputers to break encryption using “brute force,” involving overcoming defenses in the encryption system by employing repeated and exhaustive key searches.
NSA used its influence to get the U.S. National Institute of Standards and Technology to issue the agency’s version of a draft security standard, which was approved for worldwide use in 2006.
“Eventually, NSA became the sole editor,” the document said, according to The Guardian.
NSA worked in collusion with Internet service providers and technology companies to break encryption codes, the documents showed, and revealed that GCHQ also has a program to develop methods to decode encrypted traffic on Internet giants such as Google, Yahoo, Facebook and Hotmail.
The agencies closely guard their ability to crack encryption and their analysts are instructed to not ask about or speculate on the source of the information or the methods used to access it, The Guardian reported.
NSA uses the code word, Bullrun, for its decryption program -- a reference to a major battle in 1861 during the civil war, while GCHQ uses Edgehill -- a reference to a battle in 1642 during the British civil war.
Although NSA has been successful in cracking widely-used encryption technologies such as HTTPS, voice-over-IP and Secure Sockets Layer, the agency has not yet cracked all encryption technologies, the document indicated.
“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden had said, in a Q&A session arranged by The Guardian, in June.