Results 1 to 4 of 4
Like Tree1Likes

Thread: Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

  1. #1
    Senior Member HAPPY2BME's Avatar
    Join Date
    Feb 2005
    Posts
    17,895

    Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic

    Washington Post
    By Craig Timberg, Barton Gellman and Ashkan Soltan
    Tuesday, November 26, 7:20 PM

    These allegations are very disturbing. If they are true these actions amount to hacking and seizure of private data and in our view are a breach of the protection guaranteed by the Fourth Amendment to the Constitution.”

    Microsoft’s move to expand encryption would allow it to join Google , Yahoo , Facebook and other major technology firms in hardening their defenses in response to news reports about once-secret NSA programs.
    Microsoft, suspecting NSA spying, to ramp up efforts to encrypt its Internet traffic

    Microsoft is moving toward a major new effort to encrypt its Internet traffic amid fears that the National Security Agency may have broken into its global *communications links, said people familiar with the emerging plans.

    Suspicions at Microsoft, while building for several months, sharpened in October when it was reported that the NSA was intercepting traffic inside the private networks of Google and Yahoo, two industry rivals with similar global infrastructures, said people with direct knowledge of the company’s deliberations. They said top Microsoft executives are meeting this week to decide what encryption initiatives to deploy and how quickly.

    Documents obtained from former NSA contractor Edward Snowden suggest — though do not prove — that the company is right to be concerned. Two previously unreleased slides that describe operations against Google and Yahoo include references to Microsoft’s Hotmail and Windows Live Messenger services. A separate NSA e-mail mentions Microsoft Passport, a Web-based service formerly offered by Microsoft, as a possible target of that same surveillance project, called MUSCULAR, which was first disclosed by The Washington Post last month.

    Though Microsoft officials said they had no independent verification of the NSA targeting the company in this way, general counsel Brad Smith said Tuesday that it would be “very disturbing” and a possible constitutional breach if true.

    Microsoft’s move to expand encryption would allow it to join Google , Yahoo , Facebook and other major technology firms in hardening their defenses in response to news reports about once-secret NSA programs. The resulting new investments in encryption technology stand to complicate surveillance efforts — by governments, private companies and criminals — for years, experts say.

    Though several legislative efforts are underway to curb the NSA’s surveillance powers, the wholesale move by private companies to expand the use of encryption technology may prove to be the most tangible outcome of months of revelations based on documents that Snowden provided to The Post and Britain’s Guardian newspaper. In another major shift, the companies also are explicitly building defenses against U.S. government surveillance programs, in addition to combating hackers, criminals or foreign intelligence services.

    “That’s a pretty big change in the way these companies have operated,” said Matthew Green, a Johns Hopkins University cryptography expert. “And it’s a big engineering effort.”

    In response to questions about Microsoft, the NSA said in a statement Tuesday, “NSA’s focus is on targeting the communications of valid foreign intelligence targets, not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.”

    A U.S. official, who was not authorized to discuss the matter publicly and spoke on the condition of anonymity, said Tuesday that collection can be done at various points and does not necessarily happen on a company’s private fiber-optic links.

    A 2009 e-mail from a senior manager of the NSA’s MUSCULAR project specifies that a targeting tool called “MONKEY PUZZLE” is capable of searching only across certain listed “realms,” including Google, Yahoo and Microsoft’s Passport service. It is not clear what service a fourth listed realm, “emailAddr,” refers to. “NSA could send us whatever realms they like right now, but the targeting just won’t go anywhere unless it’s of one of the above 4 realms,” the e-mail said.

    The tech industry’s response to revelations about NSA surveillance has grown far more pointed in recent weeks as it has become clear that the government was gathering information not only through court-approved channels in the United States — overseen by the Foreign Intelligence Surveillance Court — but also through the massive data links overseas, where the NSA needs only authority from the president. That form of collection has been done surreptitiously by gaining access to fiber-optic connections on foreign soil.

    Smith, the Microsoft general counsel, hinted at the extent of the company’s growing encryption effort at a shareholders meeting last week. “We’re focused on engineering improvements that will further strengthen security,” he said, “including strengthening security against snooping by governments.”

    People familiar with the company’s planning, who spoke on the condition of anonymity to discuss matters not yet publicly announced, said that while officials do not have definitive proof that the NSA has targeted Microsoft’s communication links, they have been engaged in a series of high-level meetings to pursue encryption initiatives “across the full range of consumer and business services.” A cost estimate was not available; key decisions are due to be made at a meeting of top executives this week in Redmond, Wash., where Microsoft is headquartered.

    When asked about the NSA documents mentioning surveillance of Microsoft services, Smith issued a sharply worded statement: “These allegations are very disturbing. If they are true these actions amount to hacking and seizure of private data and in our view are a breach of the protection guaranteed by the Fourth Amendment to the Constitution.”

    That echoes a similar statement by Google’s general counsel, David Drummond, who said last month that he was “outraged” by the report in The Post about the NSA tapping into the links connecting the company’s network of data centers. Google in September announced an ambitious new set of encryption initiatives, including among data centers around the world. Yahoo made a similar announcement last week.

    Microsoft, Google and Yahoo also have joined other major tech firms, including Apple, Facebook and AOL, in calling for limits to the NSA’s surveillance powers. Most major U.S. tech companies are struggling to cope with a global backlash over U.S. snooping into Internet services.

    The documents provided by Snowden are not entirely clear on the way the NSA might gain access to Microsoft’s data, and it is possible that some or all of it happens on the public Internet as opposed to on the private data center links leased by the company. But several documents about MUSCULAR, the NSA project that collects communications from links between Google and Yahoo data centers, discuss targeting Microsoft online services. The company’s Hotmail e-mail service also is one of several from which the NSA has collected users’ online address books.

    The impact of Microsoft’s move toward expanded encryption is hard to measure. And even as most major Internet services move to encrypt their communications, they typically are decoded — at least briefly — as they move between different companies’ systems, making them vulnerable.

    Privacy activists long have criticized Microsoft as lagging behind some rivals, such as Google and Twitter, in implementing encryption technology. A widely cited scorecard of privacy and security by tech companies, compiled by the Electronic Frontier Foundation in San Francisco, gives Microsoft a single check mark out of a possible five.

    “Microsoft is not yet in a situation where we really call them praiseworthy,” said Peter Eckersley, director of technology projects at the foundation. “Microsoft has no excuse for not being a leader in encryption and security systems, and yet we often see them lagging behind the industry.”

    Encryption, while not impervious to targeted surveillance, makes it much more difficult to read communications in bulk as they travel the Internet. The NSA devotes substantial resources to decoding encrypted traffic, but the work is more targeted and time consuming, sometimes involving hacking into individual computers of people using encryption technology.

    Documents provided by Snowden, and first reported by the Guardian, show that Microsoft worked with U.S. officials to help circumvent some forms of encryption on the company’s services.

    http://www.washingtonpost.com/busine...0a9_print.html
    Last edited by HAPPY2BME; 11-26-2013 at 11:18 PM.
    Join our FIGHT AGAINST illegal immigration & to secure US borders by joining our E-mail Alerts at http://eepurl.com/cktGTn

  2. #2
    Senior Member HAPPY2BME's Avatar
    Join Date
    Feb 2005
    Posts
    17,895
    Join our FIGHT AGAINST illegal immigration & to secure US borders by joining our E-mail Alerts at http://eepurl.com/cktGTn

  3. #3
    Senior Member JohnDoe2's Avatar
    Join Date
    Aug 2008
    Location
    PARADISE (San Diego)
    Posts
    99,040
    1. NSA has 'cracked much online encryption' - CNN.com
      www.cnn.com/2013/09/06/us/nsa-surveillance-encryption/
      Sep 6, 2013 - The NSA has secretly managed to break much of the encryption that keeps people's data safe online, reports based on documents leaked by ...
    2. NSA uses supercomputers to crack Web encryption, files show
      www.usatoday.com/story/news/.../nsa...encryption-cracked/2772721/‎
      Sep 5, 2013 - U.S. and British intelligence agencies have crackedthe encryption designed to provide online privacy and security, documents leaked by ...
    NO AMNESTY

    Don't reward the criminal actions of millions of illegal aliens by giving them citizenship.


    Sign in and post comments here.

    Please support our fight against illegal immigration by joining ALIPAC's email alerts here https://eepurl.com/cktGTn

  4. #4
    Senior Member HAPPY2BME's Avatar
    Join Date
    Feb 2005
    Posts
    17,895

    Reports: NSA has cracked much online encryption

    (CNN) -- The U.S. National Security Agency has secretly succeeded in breaking much of the encryption that keeps people's personal data safe online, according to reports by The New York Times, The Guardian and ProPublica.

    The reports, produced in partnership and published Thursday, are the latest to emerge based on documents leaked by former NSA contractor Edward Snowden to Britain's Guardian newspaper.

    According to the reports, the NSA, alongside its UK equivalent, Government Communications Headquarters, better known as GCHQ, has been able to unscramble much of the encoding that protects everything from personal e-mails to banking systems, medical records and Internet chats.

    The agencies' methods include the use of supercomputers to crack codes, covert measures to introduce weaknesses into encryption standards and behind-doors collaboration with technology companies and Internet service providers themselves.

    "Through these covert partnerships, the agencies have inserted secret vulnerabilities -- known as backdoors or trapdoors -- into commercial encryption software," The Guardian says.

    The Guardian cites a 2010 GCHQ memo that it says describes a briefing on NSA accomplishments given to GCHQ employees.

    "For the past decade, NSA has lead (sic) an aggressive, multi-pronged effort to break widely used Internet encryption technologies," the memo reportedly says. "Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable."

    A second memo is quoted as saying that when the British analysts, who often work alongside NSA officers, were first told about the program, "those not already briefed were gobsmacked."

    Another document states that GCHQ has been working to find ways into the encrypted data sent via four big Internet firms, Google, Yahoo, Facebook and Microsoft's Hotmail, the reports claim.

    GCHQ told CNN it had no comment on The Guardian report.

    The reports claim that the NSA worked to develop more covert ways of unscrambling online data after losing a public battle in the 1990s to insert a government "back door" into all programming.

    'Foundation of web security'

    Computer security expert Mikko Hypponen believes the revelation is the most important leak to date from Snowden.

    "It may not have gained as many headlines as some of his other stories, because most people don't understand how crypto systems work. If indeed U.S intelligence does indeed have such a wide range of systems, then I'm surprised," he told CNN.
    Crypto encryption is relevant to everyday applications that everyone uses, for example in communications and transactions, he said. "Now we learn that the foundation of web security has been compromised."

    Hypponen, the chief research officer for F-Secure, said he believes the NSA and GCHQ had probably cracked the encryption by placing moles in key companies at key locations. "Any major service provider must have sizable amounts of moles from intelligence agencies. Remember that the NSA has 35,000 people working for it," he said.

    "The ordinary user should not be worried by these revelations -- it's obvious that intelligence agencies are not interested in hacking financial transactions -- but they should be outraged."

    He suggested those outside the United States should be the most concerned.
    "How many U.S. politicians use French cloud-services? Almost none. But how many French politicians use U.S. cloud services? All of them," he said. "Remember that 96% of the planet's inhabitants are foreigners to the United States, so it's wrong that the U.S. has a legal right to access foreign communications."

    Public concern

    The scope of hidden U.S. surveillance programs has been brought to public light through leaks to media outlets by Snowden, who fled the United States and is now in Russia under temporary asylum. He faces espionage charges.

    The revelations have led many Americans, according to polls, to harbor skepticism about the NSA programs. They've also generated concern in Congress as well as from privacy groups and libertarians.

    Last month, President Barack Obama sought to allay people's unease over the work of the intelligence agency in an interview with CNN "New Day" anchor Chris Cuomo.

    Obama said he was confident no one at the NSA is "trying to abuse this program or listen in on people's e-mail." The president chalked much of the concern with domestic snooping on changes in technology.

    "I think there are legitimate concerns that people have that technology is moving so quick," Obama said. "What I recognize is that we're going to have to continue to improve the safeguards and as technology moves forward, that means that we may be able to build technologies that give people more assurance."

    http://www.cnn.com/2013/09/06/us/nsa...ce-encryption/
    Join our FIGHT AGAINST illegal immigration & to secure US borders by joining our E-mail Alerts at http://eepurl.com/cktGTn

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •