The National Security Agency and its ally, the British Government Communications Headquarters (GCHQ), have used advanced hacking techniques to crack most encryption software — meaning the two agencies can read encrypted messages on the Internet, even email, banking and medical websites.
The two agencies actually paid various technology companies to put deliberate vulnerabilities in their encryption software. The idea was to make the encryption easier to break, say documents turned over by Edward Snowden, according to The Guardian and The New York Times. The same documents also reveal that the NSA and GCHQ have been waging an all-out war on encryption and the idea of privacy for the past 10 years, paying billions of dollars during that time.
According to the documents:
- Software developed by an NSA program called Operation Bullrun (named after the first battle of the Civil War and a deliberate misspelling) has been able to remove the encryption from vast amounts of data since 2010.
- The GCHQ has a team working to crack online communications sent through what it calls the “big four”: Hotmail, Google, Yahoo, and Facebook.
- The NSA spent $254.9 million on Bullrun in the last year — more than on Operation Prism.
- The NSA has covert efforts to penetrate technology companies and steal encryption secrets.
- The NSA may have blackmailed or coerced technology companies into going along with its programs.
- The NSA and GCHQ have cracked most of the online encryption protocols, including those used to protect e-commerce and banking sites.
- The GCHQ has made a major effort to hack Internet companies and Virtual Private Networks (encrypted Internet communication channels used by companies and other organizations). The GCHQ hopes to be able to crack the encryption used by 15 major Internet companies and 300 virtual private networks by 2015.
Why You Should Be Worried
Average people should worry about this not only because government now can spy on anyone no matter the technology – but also because it’s only a matter of time before the hacking tools and encryption-breaking protocols developed by NSA and GCHQ get into the hands of criminals. The tools developed to “fight terrorism” could soon be used by cyber predators looking to clean out your bank account or steal your identity.
Even if you don’t do business over the Internet, companies and government agencies that you do business with do.
“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” Matthew D. Green of Johns Hopkins University told The Times.
How to Protect Yourself
Is it possible for average people to keep online data safe from agencies like NSA and GCHQ? Guardian reporter Bruce Schneier believes that it is and even offers a few tips. Schneier admits it is impossible to completely evade the NSA’s surveillance net, but he offers some tips for keeping data safe. The tips include:
- Maintain a low profile online. Keep communications limited and short. The more emails and messages you send and the longer they are, the easier they will be to track.
- Don’t keep data you really want secret on a computer connected to the Internet. Schneier states that if the NSA wants into your computer, it gets in.
- Don’t rely on commercial security software, encryption software, and antivirus software. The NSA knows how to crack those.
- Use anonymity software such as Tor to cover your trail online. It isn’t perfect, but it makes tracking you harder.
- There are a number of security and encryption programs that can make your computer harder to crack. Using a number of these can make it much harder for anybody to hack your computer. Schneier recommends Silent Circle, GPG, Tails, Off the Record Messaging, BleachBit and TrueCrypt. Some of these programs are free. Schneier uses all of them because he thinks making his data difficult to crack will deter hackers.
Total security is impossible because of the resources the NSA has invested in defeating encryption. Even with the NSA’s efforts, it is possible to preserve some privacy and anonymity online by using a little creativity.