WASHINGTON, (PNA/Xinhua) — U.S. National Security Agency (NSA) developed the ability to crack encryption technologies widely used to protect Internet communications, using various methods including supercomputers, technical trickery and behind-the-scenes persuasion, The New York Times reported on Friday, citing documents leaked by former NSA contractor Edward Snowden.
The U.S. intelligence agency “circumvented or cracked much of the encryption” that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records as well as automatically secures emails, Web searches, Internet chats and phone calls around the world, the report said.
NSA invested billions of dollars in a highly-classified program codenamed Bullrun since losing in the 1990s a public battle to insert its own ‘back door’ in all encryption, the report said.
The report noted the full extent of NSA’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes — the agency and its counterparts in Britain, Canada, Australia and New Zealand.
According to the newspaper, a 2010 Bullrun briefing document claimed the agency developed “groundbreaking capabilities” against encrypted Web chats and phone calls.
Now, NSA has had some success in cracking widely-used online protocols such as HTTPS, Secure Sockets Layer (SSL) and virtual private networks (VPN).
“For the past decade, NSA has led an aggressive, multi-pronged effort to break widely-used Internet encryption technologies,” said a 2010 memo about NSA’s accomplishments for employees of its British counterpart, the Government Communications Headquarters or GCHQ.
“Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data, which have up till now been discarded, are now exploitable,” the memo was cited as saying.
NSA is also working with unnamed technology companies in the U.S. and abroad to establish “back doors” into their products, the newspaper noted, adding that in some cases companies were “coerced by the government into handing over their master encryption keys or building in a back door.”
According to the report, the agency spends more than 250 million dollars a year on the so-called Sigint Enabling Project which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make those “exploitable.”
The report suggested that Britain’s intelligence agency GCHQ developed “new access opportunities” into Google’s systems by 2012 but Google said it had no evidence that its systems have been breached.
NSA also used its influence as the world’s most experienced code maker to covertly introduce weaknesses into encryption standards followed by hardware and software developers around the world, said the report.
The newspaper claimed intelligence officials asked it not to publish this report which they said might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read.
The paper said it removed some specific facts but still decided to publish because of the value of a public debate about government actions that weaken the most powerful tools for protecting privacy of Internet users.