New Snowden Leak Reports ‘Groundbreaking’ NSA Crypto-Cracking

[Wilikon]

The latest published leak from NSA whistleblower Edward Snowden lays bare classified details of the U.S. government’s $52.6 billion intelligence budget, and makes the first reference in any of the Snowden documents to a “groundbreaking” U.S. encryption-breaking effort targeted squarely at internet traffic.

Snowden, currently living in Russia under a one-year grant of asylum, passed The Washington Post the 178-page intelligence community budget request for fiscal year 2013. Among the surprises reported by Post writers Barton Gellman and Greg Miller is that the CIA receives more money than the NSA: $14.7 billion for the CIA, versus $10.8 billion for the NSA. Until this morning it’s generally been believed that the geeky NSA, with its basements full of supercomputers, dwarfed its human-oriented counterparts.

The Post published only 43 pages from the document, consisting of charts, tables and a 5-page summary written by Director of National Intelligence James Clapper. The Post said it withheld the rest, and kept some information out of its reporting, in consultation with the Obama administration to protect U.S. intelligence sources and methods.

One of those methods, though, is hinted at in the Clapper summary — and it’s interesting. Clapper briefly notes some programs the intelligence agencies are closing or scaling back, as well as those they’re pouring additional funds into. Overhead imagery captured by spy satellites was slated for reduction, for example, while SIGINT, the electronic spying that’s been the focus of the Snowden leaks, got a fresh infusion.

“Also,” Clapper writes in a line marked “top secret,” “we are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic.”

The Post’s article doesn’t detail the “groundbreaking cryptanalytic capabilities” Clapper mentions, and there’s no elaboration in the portion of the document published by the paper. But the document shows that 21 percent of the intelligence budget — around $11 billion — is dedicated to the Consolidated Cryptologic Program that staffs 35,000 employees in the NSA and the armed forces.

The rest:
http://www.wired.com/threatlevel/2013/08/black-budget/

[polrpaul]

Awesome!

[MysteryMiner]

Hmmm what could it be? Large MITM attack against SSL encrypted web traffic using certificates signed by root authorities? Pay millions $ to everyone involved to both keep enthusiastic and keep mouth shut. Thank You America!

[balanghai]

That'd be a very awesome rig to mine bitcoins!!!!!!!

[polrpaul]

That'd be a very awesome rig to mine bitcoins!!!!!!!

 

[Rassah]

Among the surprises reported by Post writers Barton Gellman and Greg Miller is that the CIA receives more money than the NSA: $14.7 billion for the CIA, versus $10.8 billion for the NSA.

Actually not too surprising, considering CIA's toys include U2 Spy Planes, SR-71 Blackbird, and currently drones.

[theDF]

Some of this is not even suprising me anymore 

[balanghai]

Maybe this is the reason why primecoin is so difficult to mine now. They are selling 20k XPM a day to cover costs of the equipments!!!

[b!z]

"The Post said it withheld the rest, and kept some information out of its reporting, in consultation with the Obama administration to protect U.S. intelligence sources and methods."

Censorship at its finest.

[west77]

"The Post said it withheld the rest, and kept some information out of its reporting, in consultation with the Obama administration to protect U.S. intelligence sources and methods."

Censorship at its finest.

It is, after all, very important to allow the ministry of truth to have the final say in what can be published.

[nlovric]

Hmmm what could it be? Large MITM attack against SSL encrypted web traffic using certificates signed by root authorities? Pay millions $ to everyone involved to both keep enthusiastic and keep mouth shut. Thank You America!

Time-Memory-Data (TMD) trade-off, most-likely. Further considerations ULTRA.

[GreenBits]

Im not too savvy on all the crypto shit, but does this mean that Pretty Good Privacy isn't so good and private anymore?

[melon]

Im not too savvy on all the crypto shit, but does this mean that Pretty Good Privacy isn't so good and private anymore?

its now going to be called kinda-ok privacy w. the acronym (KOP)

[btbrae]

Breaking: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

US and UK spy agencies defeat privacy and security on the internet

• NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs 'undermine the fabric of the internet'

...The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.

The document also shows that the NSA's Commercial Solutions Center, ostensibly the body through which technology companies can have their security products assessed and presented to prospective government buyers, has another, more clandestine role.

It is used by the NSA to "to leverage sensitive, co-operative relationships with specific industry partners" to insert vulnerabilities into security products. Operatives were warned that this information must be kept top secret "at a minimum".

[Spendulus]

Breaking: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

US and UK spy agencies defeat privacy and security on the internet

• NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs 'undermine the fabric of the internet'

...The document reveals that the agency has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking.

The document also shows that the NSA's Commercial Solutions Center, ostensibly the body through which technology companies can have their security products assessed and presented to prospective government buyers, has another, more clandestine role.

It is used by the NSA to "to leverage sensitive, co-operative relationships with specific industry partners" to insert vulnerabilities into security products. Operatives were warned that this information must be kept top secret "at a minimum".

Of course, since it's existence has now been revealed, the utility of these efforts has been compromised.

If the US ever fell apart like Russia did in 1990-1992 timeframe, and all those NSA creeps were out of jobs with the knowledge of these backdoors....

[Wilikon]

I was going to update my thread but I see people keeping track. That is good.

Obviously the bitcoin ecosystem is not surprised by all those revelations. It simply means there is not enough tinfoil hats for everyone on this planet now as it is all factual.

[bitcoindigi]

Im not too savvy on all the crypto shit, but does this mean that Pretty Good Privacy isn't so good and private anymore?

its now going to be called kinda-ok privacy w. the acronym (KOP)

lol.

I'd say they won't touch pgp for the next 10ish years. hopefully.

What they're capable of is https, SSL and VoIP, but that's obvious IMO

[Ekaros]

Im not too savvy on all the crypto shit, but does this mean that Pretty Good Privacy isn't so good and private anymore?

its now going to be called kinda-ok privacy w. the acronym (KOP)

lol.

I'd say they won't touch pgp for the next 10ish years. hopefully.

What they're capable of is https, SSL and VoIP, but that's obvious IMO

I think PGP is itself still sound. But there is a big trust issues...

Maybe it's time to find a new root authority and not involve it with USA in anyway...

[b!z]

Im not too savvy on all the crypto shit, but does this mean that Pretty Good Privacy isn't so good and private anymore?

its now going to be called kinda-ok privacy w. the acronym (KOP)

lol.

I'd say they won't touch pgp for the next 10ish years. hopefully.

What they're capable of is https, SSL and VoIP, but that's obvious IMO

I think PGP is itself still sound. But there is a big trust issues...

Maybe it's time to find a new root authority and not involve it with USA in anyway...

self issued SSL certificates, some sites are already doing this

[Rassah]

I was going to update my thread but I see people keeping track. That is good.

Obviously the bitcoin ecosystem is not surprised by all those revelations. It simply means there is not enough tinfoil hats for everyone on this planet now as it is all factual.

We need tinfoil computer cases...