Has the NSA broken SSL? TLS? AES?

Summary: Indications suggest that SSL and other fundamental Internet security technologies have indeed been compromised by the NSA.


Just how broken are fundamental Internet security technologies such as Secure Sockets Layer (SSL), Advanced Encryption Standard (AES), and Transport Layer Security (TLS)? We still don't know for certain. But it’s clear that the National Security Agency (NSA) has broken many kinds of Internet encryption technologies... including the ones we use every day.

The NSA's headquarters at Fort Meade, Maryland.

In a joint report based on documents obtained by The Guardian, three publications, the New York Times (NYT), The Guardian, and ProPublica, are reporting the following "news":

  • The NSA has secretly and successfully worked to break many types of encryption, the widely used technology that is supposed to make it impossible to read intercepted communications.
  • Referring to the NSA's efforts, a 2010 British document stated: "Vast amounts of encrypted Internet data are now exploitable." Another related British memo said: "Those not already briefed were gobsmacked!"
  • The NSA has worked with American and foreign tech companies to introduce weaknesses into commercial encryption products, allowing backdoor access to data that users believe is secure.
  • The NSA has deliberately weakened the international encryption standards adopted by developers around the globe.

Before I dive into the details, let me point out that much of this “news” isn't really news. Since it was founded in 1952, the NSA's job has been to intercept communications and break encryption. It's the organization's job. Only the most naïve would be surprised that the NSA has successfully broken "many kinds of encryption" and that this government agency has used any means it could to do so.

In fact, as I reported earlier this year, commercially available SSL interception proxy programs and devices from vendors such as Blue Coat Systems and Packet Forensics enable businesses and government agencies to intercept and read SSL communications.

As for the technical specifics, the reports don't give us enough detail to spell out what security standards and products were actually broken. One major breakthrough seems to have occurred in 2010, when the United Kingdom's Government Communications Headquarters (GCHQ) reported that the NSA's “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

Does that mean SSL, which is used by almost every "secure" Web site on the planet, itself has been broken? Maybe. Maybe not.

The groups report that the NSA has been working hard on breaking the encryption in universal use in the US, including SSL, virtual private networks (VPNs), and 4G smartphones. What these have in common is their use of 256-bit AES for encryption.

It's been estimated that a brute-force attack on a message encrypted with 256-bit AES would take even a supercomputer longer to break than the universe has been in existence. Of course, if AES's Rijndael encryption algorithm already had a built-in weakness, it would be much easier to break.

Such government-emplaced weaknesses have been found before. In 2007, security expert Bruce Schneier described how Dan Shumow and Niels Ferguson had found that a random number algorithm that could be used in TLS contained "a weakness that can only be described as a back-door."

Could there be such back doors in SSL?

Paul Kocher, a cryptographer who helped design SSL, thinks so. He told the NYT that although the NSA wasn't allowed to put Clipper, an encryption system with a built-in security backdoor for the federal government, on all PCs in the 1990s, "they went and did it anyway, without telling anyone."

The other "news" is that the NSA and GCHQ have been looking for ways to access the protected traffic of the most popular Internet companies: Google, Yahoo, Facebook, and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems. What these may be is still unknown.

And it's not just Google. The story also re-reported that Microsoft had "handed the NSA access to encrypted messages." Microsoft, according to the report, provided more than simply access to encrypted messages. The company is said to have also given the NSA access to "Outlook e-mail, Skype Internet phone calls and chats, and to SkyDrive, the company’s cloud storage service."

Microsoft has denied this. The company has since revealed that it and rival Google have joined forces in a lawsuit to reveal how they're handling Foreign Intelligence Surveillance Act (FISA) requests.

Eventually--and it may take years--we'll find out what's really going on with our Internet security standards, privacy, and government surveillance. For now, we keep getting more hints that the NSA does indeed have high-level access to both security technologies and to the companies that sell and operate them.

  • including the ones we use every day

    Including those we use every day ... maybe?
    • Everything on a Windows computer is broken by NSA

      Microsoft gave them the keys to all of your encryption and communication when they let them in through the backdoor.

      From the horse's mouth: http://www.microsoft.com/en-us/news/Press/2013/Jul13/07-11statement.aspx

      1) http://www.zdnet.com/dont-let-paranoia-over-the-nsa-and-tpm-weaken-your-security-7000019791/
      2) http://www.zdnet.com/microsoft-google-v-nsa-lawsuit-to-proceed-7000020311/
      3) http://www.zdnet.com/nsa-said-to-have-paid-millions-to-cover-costs-for-tech-giants-in-prism-program-7000019807/
      4) http://www.zdnet.com/nsa-surveillance-ruled-illegal-and-unconstitutional-7000019699/
      5) http://www.zdnet.com/german-government-refutes-windows-backdoor-claims-7000019739/
      • But Microsoft is a big greedy company...

        There's no way that the government could ever influence a smaller operation or say an independent open source programmer because those guys have all the money they will ever need and nothing to fear from the NSA right?

        Face it dude. Unless you made it yourself, you have no idea what it's really doing and there are people with limitless resources who probably do know.
        • At last!

          An article by SJVN that is not completely the product of mental di@rrh3a
          • To his credit...

            ..SJVN has been writing much better articles as of late. Give credit where due.
        • Doing cryptography/security right is tricky

          Even most IT professionals aren't qualified to do it right.

          That's why standards like SSL and AES are so important -- there are implementations done by people who really know what they're doing.

          If the NSA can get through (by breaking) or around (by acquiring privileged access or getting their hands on top-level certs) or under (by coercing or co-opting service providers) then all that expertise ends up wasted.

          "Home-grown" solutions are almost invariably not nearly as clever as the creators believe -- and the NSA has plenty of skills and resources for cracking those.
          • Even most IT professionals aren't qualified to do it right.

            Never a more true comment spoken. Encryption ain't no game for kids.
  • Encryption technology is a moving target.

    "As for the technical specifics, the reports are don't give us enough detail to spell out what security standards and products were actually broken."

    That's the problem, though - Although it's largely transparent to the user, encryption technologies are a moving target, and if we don't know which ones have been cracked, this information isn't very useful other than for scaremongering.

    Many of these technologies cover a variety of ciphers, which themselves may have different versions and key lengths. A vague report isn't really helpful for giving advice to people or warning them about specific threats.
    • A flag, really?

      All I did was to say something true: It's hard to give advice based on a vague report.

      And somebody flags it?


      Save your flags for spam. Don't just flag something because you don't like it for some crazy reason (which you never even bother to explain in a post of your own), thanks.
      • Some are obviously using flags to highlight or bookmark comments

      • ZDNet shouldn't use the word "flag."

        Some folks are consistently misusing "flag" to show that they don't agree. The "flag" connotation is also often used to mark important items in various software. The word "spam" would make far more sense in this context. There also needs to be a third option. The options should basically be "agree," "disagree," and "spam." In fact, maybe a fourth option should be "troll," because people are using it for that, too.
        • 4 options FTW!

          Seriously though, if they could even get the flag / vote buttons to work properly I would be impressed. Every time I click "Vote" on a post, it changes the values for votes and flags on every single other post to the same values as the one I clicked. It's been like that for months now.
          • Value Changes

            Hey Mrefuman,

            It just did the same thing for me but it's a cosmetic change only. Refresh the screen and the other values will have not changed (I just tried it).
    • for the NSA, "breaking" encryption includes simply sabotaging it

      Why do the hard demanding, challenging work of trying to "crack" good algorithms, when you can just sabotage them, instead?

      John Gilmore On How The NSA Sabotaged A Key Security Standard
  • I sure hope they've cracked all those basic ones

    That's what we pay them the big bucks to do all day. Not surprised that they have a multitude of ways to get into Google all day long either as I'm sure Google's custom flavors of Linux still have a huge % of the thousands of security holes it comes with stock. As for the other already debunked clickbait about Microsoft I'm sure they asked for it and I'm sure MS told them they could have exactly what they had a warrant to specifically get. No tin foil hat necessary.
    Johnny Vegas
    • No warrant called for.

      Just a NSL - in other words, a simple memo.

      And that isn't a warrant.
      • Exactly. An NSL is not a warrant.

        The Constitution specifically requires a warrant obtained from the Judicial branch, by demonstrating some evidence of wrongdoing. These illegal NSLs were created to bypass that entire process. Now, they only need a slight suspicion, with no evidence whatsoever. The people rubber-stamping the NSLs have a vested interest in issuing them as they're cut from the same cloth as the people asking for the NSLs. In fact, there are a number of cases of innocent people disappearing off the streets only to be discovered later illegally rotting in Guantanamo after receiving no trial whatsoever.

        There is no true judicial oversight anymore and the Constitution has been disemboweled. The office of the President routinely bypasses Congress to declare wars we can't afford on a whim. The Congress passes laws which violate the Constitution. When Congress won't pass a law to confiscate guns, the President bypasses Congress to illegally confiscate weapons via Executive Order, violating the Constitution. These were all of the same actions Hitler took. Wake up people. Our freedom is gone. We now live in a police state similar to the pre-WWII days in Nazi Germany.

        As for the security of encryption, people keep saying a massive supercomputer would have trouble cracking AES256 even if it ran nearly forever. That's a comparison which makes no sense in this context. Specifically designed hardware can do specific tasks orders of magnitude faster than a general purpose computer. The NSA has its own custom built equipment which was designed entirely with one purpose - cracking encryption. Their equipment is several orders of magnitude ahead of anything else in existence. The second bad assumption is that they would use a brute force attack. They have some of the most brilliant cryptographers ever to live. Why would they resort to brute force? Think about it, if you're one of the best cryptographers in the world, where would you want to work?

        The bottom line? No current encryption scheme is immune to NSA monitoring.
        • Astute

          Bill's points are as brilliant as usual.

          The NSA code breaking technology is decades ahead of the private sector, though it is clearly not in their interest to advertise the fact.

          Assume that there is no code that the NSA has not or cannot break quickly. Countless billions of dollars of investment in hardware and intellectual resources over the years has provided them with a significant lead in technology that one has to ponder to comprehend.

          Consider where the private sector will be 20 years from now at the current rate of technological innovation. Consider where it will be 50 years from now as this type of growth tends to be more exponential than linear as it builds upon itself. Now consider what can be achieved with an appropriate level of resources and assume that someone could have that technology now. Would they give it away? Would they even hint as to its existence? The NSA has techniques that most can barely imagine at this point because it does not serve them to allow any tangential knowledge that could even hint at what they have, to become public. These details are the ones that are quietly cleansed from the Internet as we wow over other seemingly important disclosures.
    • GovReply d1

      You are a good American Johnny!
  • Silence from the Internet pioneers

    So I will make the prognostication: there will be a replacement for the internet in the next decade, and it will not be a US innovation or under its control. And it may well have less capability than the current system because it will not be interoperable across national boundaries. Today's internet may remain as the "plumbing" that moves packets around, but there will be numerous proprietary layers built on top of it to protect business and personal data from the backdoor exploits of government snoops and criminal hackers.

    As several different articles have pointed out, the US government has critically weakened the basic structure of the internet for dubious reasons, and also weakened the technology companies that contribute to a large fraction of the US economy. The eventual cost to US citizens will be in the TRILLIONS, above and beyond the billions of tax dollars they siphon off today. That will be the real tragedy for the generations to come.
    terry flores