Collected Points From the NSA's Recent Document Dump

Numerous media outlets are going deep into the NSA's recent Christmas Eve document dump while Der Spiegel is supposing itself to cover new Snowden documents.In addition to the unsurprising post-Snowden revelation that NSA analysts routinely acted outside of their legal ability to monitor, a number of technical revelations came out about the NSA's surveillance abilities as they care to disclose them two years ago. As this document dump was an official agency disclosure take it with a grain of salt or several trucks full of salt as you feel necessary.

  • Reflecting its heritage as a signals intelligence agency, the NSA really likes capturing as much traffic as it can, and it likes to scour that traffic for password, key material, and other credentials.
  • HTTPS fares poorly against state level actors. Between flaws brought into the protocol and its implementations like Heartbleed, the Windows Heartbleed analogue, and poor cipher defaults the assumption should probably be that HTTPS isn't offering much additional security. It is also probably far too early to put much hope into the prospect of cleaner HTTPS implementations like LibreSSL offering great security for HTTPS traffic though LibreSSL's seems to be affected by less new security advisories than OpenSSL.
  • All Skype traffic has been theirs for the taking since 2011. Before then thanks in large part to Mircosoft's collaboration.
  • Sometimes they can grab plaintext of data transmitted via SSH. Friends don't let friends use passwords for SSH authentication.
  • The NSA really loves sucking up VPN traffic and often successfully giving it a good read.
  • Contents of email encrypted with PGP/GPG generally seems safe if sent using sane settings. This is going to mean large RSA keypairs, at least 2048 bits but preferably 4096 bits or longer. For message signing use the most secure message digest hash available which is probably going to be SHA-512. For maximum security keep keys and key operations away from Internet connected computers. (correction: This is from Snowden Dumps)
  • Some chat encryption protocols like OTR seemed to give them trouble when intercepted over the wire according to disclosed documents. As Internet chat involves realtime encryption and decryption of messages at the endpoints and taking key operations for encrypted chat offline would be exceedingly difficult, there is they real chance that if they suspect you might be sufficiently interesting they would compromise your machine to make your keys available to themselves.
  • They admit in this document dump that they do indeed work to pervert encryption related standards while they are being developed in order to more easily compromise keys and read traffic more easily.

On the whole much of what came out in this document dump isn't far from what was offered in or could be guessed from the Snowden disclosures. The NSA's strength as they disclose here is not math or science advances that allow them to seemingly magically break strong encryption, but the size and scale of their operations along with their ability to recruit collaborators like Microsoft and subvert standards committees. According to this dump much of the math and science goes into perverting systems before they are born rather than making progress against existing strong encryption. Just remember that this is only information they chose to disclose after much of it had already been disclosed by Snowden.

2 thoughts on “Collected Points From the NSA's Recent Document Dump

  1. The reasonably-interesting stuff (e.g., pertaining to PGP) came from Der Spiegel's massive Snowden dump, not from the official reports!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>