Snowden leaks: US and UK 'crack online encryption'

A man types on a computer keyboard in Warsaw in this February 2013 illustration file picture

US and UK intelligence have reportedly cracked the encryption codes protecting the emails, banking and medical records of hundreds of millions of people.

Disclosures by leaker Edward Snowden allege the US National Security Agency (NSA) and the UK's GCHQ successfully decoded key online security protocols.

They suggest some internet companies provided the agencies backdoor access to their security systems.

The NSA is said to spend $250m (£160m) a year on the top-secret operation.

Analysis

Encryption involves scrambling text to make it unreadable without the right key. Typically data encryption uses numbers hundreds of digits long as those keys. That renders data secure because it would take thousands of years to try all possible keys for a particular message.

The NSA and GCHQ have apparently managed to get around this several different ways. They have used supercomputers to crank through potential keys very quickly, exploited known weaknesses in widely used web and mobile security protocols to read messages, and forced tech firms to install backdoors in software.

In addition, the NSA is believed to have subverted a US federal program to create new encryption algorithms so it can more easily get at any messages or data they were supposed to protect.

Critics say the NSA/GCHQ approaches are short-sighted because any backdoor could equally be used by spies and crooks and undermines the role the web plays in modern life.

It is codenamed Bullrun, an American civil-war battle, according to the documents published by the Guardian in conjunction with the New York Times and ProPublica.

The British counterpart scheme run by GCHQ is called Edgehill, after the first major engagement of the English civil war, say the documents.

'Behind-the-scenes persuasion'

The reports say the UK and US intelligence agencies are focusing on the encryption used in 4G smartphones, email, online shopping and remote business communication networks.

The encryption techniques are used by internet services such as Google, Facebook and Yahoo.

Under Bullrun, it is said that the NSA has built powerful supercomputers to try to crack the technology that scrambles and encrypts personal information when internet users log on to access various services.

The NSA also collaborated with unnamed technology companies to build so-called back doors into their software - something that would give the government access to information before it is encrypted and sent over the internet, it is reported.

As well as supercomputers, methods used include "technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications", the New York Times reports.

The US reportedly began investing billions of dollars in the operation in 2000 after its initial efforts to install a "back door" in all encryption systems were thwarted.

'Gobsmacked'

During the next decade, it is said the NSA employed code-breaking computers and began collaborating with technology companies at home and abroad to build entry points into their products.

The documents provided to the Guardian by Mr Snowden do not specify which companies participated.

The NSA also hacked into computers to capture messages prior to encryption, and used broad influence to introduce weaknesses into encryption standards followed by software developers the world over, the New York Times reports.

Computer scientist Herb Lin says he is surprised by the scale of the alleged hacking

When British analysts were first told of the extent of the scheme they were "gobsmacked", according to one memo among more than 50,000 documents shared by the Guardian.

NSA officials continue to defend the agency's actions, claiming it will put the US at considerable risk if messages from terrorists and spies cannot be deciphered.

But some experts argue that such efforts could actually undermine national security, noting that any back doors inserted into encryption programs can be exploited by those outside the government.

It is the latest in a series of intelligence leaks by Mr Snowden, a former NSA contractor, who began providing caches of sensitive government documents to media outlets three months ago.

In June, the 30-year-old fled his home in Hawaii, where he worked at a small NSA installation, to Hong Kong, and subsequently to Russia after making revelations about a secret US data-gathering programme.

A US federal court has since filed espionage charges against Mr Snowden and is seeking his extradition.

Mr Snowden, however, remains in Russia where he has been granted temporary asylum.

More US & Canada stories

RSS

Features & Analysis

Elsewhere on the BBC

Programmes

  • A map of social media interactionsClick Watch

    Twitter's map of the Middle East conflict – how the two sides react to each other on social media

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.