Skip to content

NSA Bullrun program, encryption and false perception of security

by Pierluigi Paganini on September 7th, 2013
NSA Bullrun program

Revelations on Bullrun program demonstrated that NSA has capabilities against widely-used online protocols such as HTTPS and encryption standards.

The latest nightmare for US Administration is named Bullrun, another US program for massive surveillance. Snowden‘s revelations represented a heartquake for IT security, the image of NSA and US IT companies are seriously compromised such the trust of worldwide consumers.

The extension of US surveillance activities seems to have no limits neither borderlines, every communication and data despite protected with sophisticated encryption mechanisms were accessible by US Intelligence and its partners like Britain’s GCHQ.

The New York Times and The Guardian newspapers and the journalism non-profit ProPublica  revealed details of the new super secret program, codenamed Bullrun, sustained by the NSA to have the possibility to bypass encryption adopted worldwide by corporates, governments and institutions. The Bullrun program is considered the second choice of U.S. Government to the failure in place a backdoor, the so-called Clipper chip, into encryption that would have allowed it to eavesdrop on communications.

Be aware we are not speaking of cracking algorithms, Snowden warned that NSA bypass encryption targeting end point of communications:

“Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said to the Guardian.

The Intelligence Agency has inducted vendors and manufactures to include backdoors in their products or to disclose related encryption keys  to allow the access data, this is the core of the Bullrun program. Snowden revelations are causing the collapse of many certainties, last in order of time is the integrity of encryption standards, according the popular newspapers NSA has worked to undermine the security of those standards.

Following an image of classification guide to the NSA’s Bullrun decryption program

NSA Bullrun Doc

The repercussions are critical, the diffusion of the defective encryption standard has exposed the same data accessed by NSA to the concrete risk of stealing operated by third party actors such as foreign state-sponsored hackers and cybercriminals.

“The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets,” “Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSA’s efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States’ reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies.”commented Christopher Soghoian, principal technologist of the ACLU’s Speech, Privacy and Technology Project.”

Suddenly the IT world discovered that has perceived a false sense of security, the repercussion on the global security market are enormous, customers have put their trust in the wrong companies, too often they have been deceived by false myths and new paradigms (e.g. Cloud computing) designed to facilitate the surveillance operated by intelligence agencies.

Bullrun program is the last revelation on a nefarious policy conducted by one of the major security agencies, ironically because of its willingness to supervise each and every date of the largest Internet has made it unsafe. Chasing the concept of security NSA has actually opened loopholes in the global information systems that could have benefited powers such as China or terrorist groups.

The surveillance programs such as Prism and Bullrun are certainly questionable, as well as the conduct of major American companies that have gone along with his demands.

NSA and other agencies siphoned data from land and undersea cables, just after the revelations on PRISM program intelligence has started a misinformation campaign sustaining that US authorities was working to find the way to crack encrypted traffic, in reality the agency has no reason to do it and the Bullrun program is the proof. Misinformation as a pure diversion to influence the global sentiment and keep the lights of the media far from the dirty collusions of governments and private companies.

“None of methods used to access to encryption keys involve in cracking the algorithms and the math underlying the encryption, but rely upon circumventing and otherwise undermining encryption.”

The newspapers sustains that NSA maintains an internal database, dubbed “Key Provisioning Service”, of encryption keys for each commercial product. Using the Key Provisioning Service the NSA is able to automatically decode communications and access to encrypted data. Every time the agency needs a key for a new product it formalizes a request to obtain it, the request is so-called Key Recovery Service.

Other news reported that in one circumstance the US government learned that a foreign intelligence had ordered new computer hardware and after pressure of NS A the US vendor agreed to insert a backdoor into the product before it was deployed.

Keys are provided by vendors or obtained by the intelligence with hacking campaign against infrastructures of product providers.

“How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored,” “To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means.” states NYT.

The most disturbing revelation involves the NSA’s efforts to deliberately weaken international encryption standards developers use to make their encryption secure, according to a classified NSA memo obtained by NYT the fatal weakness discovered by two Microsoft cryptographers in 2007 in a 2006 standard was intentionally engineered by the NSA.

“Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on,”“If the backdoor is discovered, it’s explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program.” said cryptographer Bruce Schneier.

“Some of the methods involved the deployment of custom-built, supercomputers to break codes in addition to collaborating with technology companies at home and abroad to include backdoors in their products. The Snowden documents don’t identify the companies that participated.”

The Bullrun program, according to the documents, “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” By this year, the Times reports, the program had found ways “inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws.”

We are therefore assuming that the U.S. Government has deliberately prompted to enter bugs in software solutions sold worldwide, the knowledge of those flaws could then have been sold in the black market of zero-day vulnerabilities  about which so much has been discussed. At that point, probably the same U.S. Intelligence would offer big bucks to buy back the zero-day to cover traces of the shocking activities.

Which are the targets of the NSA?

Everyone! The imperative is global monitoring, ISP, Internet phone call and text services and mobile operators are privileged targets according the paper, and I add social media platforms.  Of course now every internet users desire to stay far from prying eyes, the use of anonymizing network and secure messaging system is exploding, Tor metrics data revealed an incredible increase of total number of Tor users.

The unique certainties are that the surveillance program will continue and the expense of monitoring activities will increase exponentially, there is another consideration to do related to the global commerce for security solutions. The global market will be seriously impacted, fall of trust in US security vendors could advantage other players, the equilibrium is jeopardized when trust is broken and open source software will live a new peak of popularity waiting for the next incident.

Pierluigi Paganini

(Security Affairs – Bullrun, NSA, surveillance)

Comments are closed.