Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Says They Have VPNs In a 'Vulcan Death Grip'

Posted by Soulskill on from the +1-for-attempting-a-trek-reference dept.

An anonymous reader sends this quote from Ars Technica: The National Security Agency's Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Speigel. A slide deck from a presentation by a member of OTP's VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs—including tools with names drawn from Star Trek and other bits of popular culture.

5 of 234 comments (clear)

  1. Re:4 years ago? by khasim · · Score: 5, Interesting

    It's not so much the VPN technology as it is the failure to correctly implement and secure it.

    TFA leaves the real content until the end of the article:

    The data is then replayed from the repositories through a set of attack scripts, which use sets of preshared keys (PSKs) harvested from sources such as exploited routers and stored in a key database ...

    So if the NSA wants to "crack" your VPN session they first record it (we know how they do that) then they try to brute force that recording using what is, essentially, a dictionary attack.

    TFA seems more entranced by the cutesy names than by the technology.

  2. Good news by Charliemopps · · Score: 4, Interesting

    This is actually good news. The clearly state that "Ubiquitous Encryption" is a threat to the NSA. They are currently assuming that encrypted traffic is something they should target so if everything's encrypted... viola.

    So go out, encrypt everything you can. I'm looking directly at you SlashDot. Fix your 10yrs out of date website for christs sake. You want me to start using "Beta"? Secure it!

  3. Re: What IP address ranges are in the US? by Richard_at_work · · Score: 4, Interesting

    Does any other nation have an intelligence budget that even approaches that of the U.S.?

  4. We should use the DMCA by seeker_1us · · Score: 4, Interesting

    My content sent over VPNs is original work encrypted to protect it against those not authorized to have a copy. It is thus covered by copyright law. The NSA is circumventing encryption to obtain illegal access to copyright work.

  5. Re: What IP address ranges are in the US? by sound+vision · · Score: 4, Interesting

    You don't think there's still the old-school hacker way to break into systems, by hacking, not buying backdoors from corporations? I'd wager that a team of no more than 5 or 10 top-notch hackers could pull off a Stuxnet- or Sony-style attack. And it may only take the cost-equivalent of 50 soldiers-with-tanks-and-support-column to do it. Normal soldiers are actually really expensive when you think of all the supplies and equipment they need in addition to just the pay and benefits. To house and feed a literal army of men for years at a time probably costs much more than putting up a roomful of hackers. Have you ever heard of the term "asymmetric warfare"? Many countries are missing entire branches of military like navy and air force and their associated expenditures. Think of the R&D funding for that alone going to hackers - you could have a hacker army. All you need is the right recruiting program, which is probably easier to put together than the US military budget. I predict we will see many more high-profile breaches before people start taking security more seriously.