How The NSA Bypasses Online Encryption
[Bauer-Power] Ever since the recent Snowden leak revealed that the NSA has the ability to bypass most online encryption I got to thinking about how they would do that. I also wondered if the SSL protected websites I manage were secure from their eavesdropping. I think the answer is yes, they are still secure, and here’s why.
The leak said that the NSA is able to break some encryption, but they mostly collude with companies to bypass the encryption altogether. In a recent report from Slate, they specifically named Google as one of the companies that the NSA uses for man in the middle attacks. From that article:
Now, documents published by Fantastico appear to show that, far from “cracking” SSL encryption—a commonly used protocol that shows up in your browser as HTTPS—the spy agencies have been forced to resort to so-called “man-in-the-middle” attacks to circumvent the encryption by impersonating security certificates in order to intercept data.
Prior to the increased adoption of SSL in recent years, government spies would have been able to covertly siphon emails and other data in unencrypted format straight off of Internet cables with little difficulty. SSL encryption seriously dented that capability and was likely a factor in why the NSA started the PRISM Internet surveillance program, which involves obtaining data from Internet companies directly.
However, in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route—on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. One document published by Fantastico, apparently taken from an NSA presentation that also contains some GCHQ slides, describes “how the attack was done” to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target’s Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format.
Okay, so now we know that the NSA can impersonate Google’s SSL certificates. How do they do it though? First take a look at this:
For those who don’t know, MSIT stands for Microsoft Internet Authority:
So there you have it, I think it’s safe to say that the way they bypass encryption, at least for Google and Microsoft users, is by obtaining certificates from Google’s and Microsoft’s certificate authorities and use them for man in the middle attacks. If the NSA has agreements with other certificate authorities like Verisign or Comodo, that remains to be seen, but neither of those companies were named in Snowden’s leaks.
What do you think about this? Let us know in the comments.
[Via Bauer-Power]
Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.
"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
Before It’s News® is a community of individuals who report on what’s going on around them, from all around the world. Anyone can join. Anyone can contribute. Anyone can become informed about their world. "United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
LION'S MANE PRODUCT
Try Our Lion’s Mane WHOLE MIND Nootropic Blend 60 Capsules
Mushrooms are having a moment. One fabulous fungus in particular, lion’s mane, may help improve memory, depression and anxiety symptoms. They are also an excellent source of nutrients that show promise as a therapy for dementia, and other neurodegenerative diseases. If you’re living with anxiety or depression, you may be curious about all the therapy options out there — including the natural ones.Our Lion’s Mane WHOLE MIND Nootropic Blend has been formulated to utilize the potency of Lion’s mane but also include the benefits of four other Highly Beneficial Mushrooms. Synergistically, they work together to Build your health through improving cognitive function and immunity regardless of your age. Our Nootropic not only improves your Cognitive Function and Activates your Immune System, but it benefits growth of Essential Gut Flora, further enhancing your Vitality.
Our Formula includes: Lion’s Mane Mushrooms which Increase Brain Power through nerve growth, lessen anxiety, reduce depression, and improve concentration. Its an excellent adaptogen, promotes sleep and improves immunity. Shiitake Mushrooms which Fight cancer cells and infectious disease, boost the immune system, promotes brain function, and serves as a source of B vitamins. Maitake Mushrooms which regulate blood sugar levels of diabetics, reduce hypertension and boosts the immune system. Reishi Mushrooms which Fight inflammation, liver disease, fatigue, tumor growth and cancer. They Improve skin disorders and soothes digestive problems, stomach ulcers and leaky gut syndrome. Chaga Mushrooms which have anti-aging effects, boost immune function, improve stamina and athletic performance, even act as a natural aphrodisiac, fighting diabetes and improving liver function. Try Our Lion’s Mane WHOLE MIND Nootropic Blend 60 Capsules Today. Be 100% Satisfied or Receive a Full Money Back Guarantee. Order Yours Today by Following This Link.
| Visits: | 1,706,339,535 |
| Stories: | 8,445,261 |
Whistler Blowers, Insiders
