Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
Bruce Schneier: Encryption Drives the NSA Batty
February 27, 2014
Only a small number of people have seen the Snowden documents. Few are as technically savvy and knowledgeable about security and surveillance as Bruce Schneier. You definitely want to check out this post from threat post. After much reading, Schneier says the NSA is extremely capable and full of smart people but “they are not made of magic”. Though I would argue that they have a certain amount of black magic. I have begun to think of putting a picture of Voldemort in my NSA PowerPoints.
A cryptographer by training and a security thinker by trade, Schneier notes that the eavesdropping piece of the NSA has grown exponentially in recent years as the Internet and mobile devices have become pervasive.
“The NSA has turned the Internet into a giant surveillance platform, one that is robust politically and technologically,” Schneier said during a talk at the RSA Conference Tuesday. “When you have the budget of the NSA and you have the choice to get the data this way or get it that way, the correct answer is both. Fundamentally the NSA’s mission is to collect everything, and that’s how you have to think about it.”
The agency employs an untold number of top mathematicians and cryptographers and computer scientists – one of their tasks is overcoming a major obstacle for NSA data collection- encryption.
The NSA is known to be working on an unspecified capability to defeat SSL, and Schneier said that while he hasn’t seen any direct evidence of what that capability might be, there are a number of possibilities. “My favorite idea right now is elliptic curves. If they know that certain curves are weak they could then try to get algorithms using those curves,” he said. Other possibilities are some kind of factoring breakthrough, a successful attack on the RC4 cipher, which is known to have some problems already, or a method for exploiting weak random-number generators.
I just love how this man thinks – when I can follow his thoughts!
He says the NSA has a difficult time dealing with encrypted traffic and that users should use that fact to their advantage. “The NSA can’t break Tor and it [ticks] them off. Most crypto drives the NSA batty,” he said. “Encryption works and it works at scale. The NSA may have a larger budget than all of the other intelligence agencies combined, but they are not made of magic. Our goal should be to make eavesdropping more expensive. We should have the goal of limiting bulk collection and forcing targeted collection.”
Since many of the NSA’s methods and tools are out in the open, he expects other agencies, as well as other classes of attackers, to adopt some of them.
And I love this quote:
“These techniques are spreading. Figure that this is a three to five-year window for cybercriminals to use them,” he said. “Today’s NSA programs are tomorrow’s PhD theses and the next day’s hacker tools. Surveillance is the business model of the Internet.” (emphasis added)
From Facebook to Google to the NSA, that's a fact Jack.
Listen to the Podcast
