Snowden leaks reveal encryption programs that NSA couldn’t break

A military no trespassing sign shown in front of Utah's NSA Data Center in Bluffdale, Utah.

Image: Rick Bowmer/Associated Press

By Rex Santus2014-12-29 21:13:57 UTC

A new report on documents leaked to the press by whistleblower Edward Snowden highlights some security tools the National Security Agency has cracked and those it hasn't in its widespread surveillance of digital communication.

The NSA had trouble breaking some forms of encryption, according to a report in the German newsmagazine Der Spiegel that listed seven coauthors, including Laura Poitras, who directed the Snowden documentary Citizenfour. The encryption and security-breaking problems the NSA encountered were ranked on a scale of 1 to 5, from "trivial" to "catastrophic." Facebook chat, for example, was considered "trivial."

The NSA had "major" problems (the fourth level) with Zoho, an encrypted email service, as well as Tor, the network and software that helps users browse the Internet anonymously. Tor sends information through a variety of a relay nodes, managed by volunteers, that make it difficult to tell who or where the web traffic originated from.

Government security specialists also had trouble with Truecrypt, a software program used for file encryption that was shuttered earlier this year. PGP, an early encryption program for email that was founded in 1991, still proved a formidable opponent to the NSA.

The situation only became "catastrophic" when a user constructed a sort of Frankenstein's monster of privacy protection: The Tor network atop other anonymizing services, certain instant messengers and phone encryption apps like RedPhone, for example.

Some combinations rendered a "near-total loss/lack of insight to target communications, presence," according to Der Spiegel's review of the NSA documents, which was also presented at Berlin-based hacking group Chaos Computer Club's annual conference this weekend in Germany.

Nothing is bulletproof, of course. The government has found its way into Tor before, and malicious hackers targeted the anonymity network just last week. Using a combination of privacy methods is the best way to avoid NSA surveillance.

Read more:
Snowden leaks reveal encryption programs that NSA couldn't break