Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Targeted 'The Two Leading' Encryption Chips (theintercept.com)

Posted by Soulskill on from the makes-more-sense-than-targeting-the-two-trailing-ones dept.

Advocatus Diaboli sends a report from Glenn Greenwald at The Intercept about the NSA's efforts to subvert encryption. Back in 2013, several major publications reported that the NSA was able to crack encryption surrounding commerce and banking systems. Their reports did not identify which specific technology was affected. The recent backdoor found in Juniper systems has caused the journalists involved to un-redact a particular passage from the Snowden documents indicating the NSA targeted the "two leading encryption chips" in their attempts to compromise encryption. Quoting: The reference to "the two leading encryption chips" provides some hints, but no definitive proof, as to which ones were successfully targeted. Matthew Green, a cryptography expert at Johns Hopkins, declined to speculate on which companies this might reference. But he said that "the damage has already been done. From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way."

11 of 113 comments (clear)

  1. Remember Huawei? by Ragnarok89 · · Score: 5, Interesting

    Remember the big scare a while back about backdoors in Huawei network switches and routers? Looks like we weren't that far behind.

    1. Re:Remember Huawei? by Sique · · Score: 5, Interesting

      I would rather guess that the NSA knew about their own backdoor, and thus they suspected China of doing the same. It's a rule of thumb for me: If one side in a conflict warns about shenanigans from the other side which are not provable yet, you can safely assume that a) the first side thought about it themself and b) has already implemented it.

      --
      .sig: Sique *sigh*
  2. Too late by U2xhc2hkb3QgU3Vja3M · · Score: 4, Interesting

    From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way.

    I think it's more because of the NSA, CIA, etc and the general feeling we get from the U.S.A. that we cannot trust anything you do, period.

    Signed,
    the rest of the world.

  3. Re:Good on them by rmdingler · · Score: 4, Interesting
    If you believe there is a pressing reason for our spy agencies to engage in backdooring the work of private companies, then you (perhaps) have an argument.

    However, if you are inept enough to keep getting caught in the act, eventually all you do is cripple foreign sales of the companies who cooperate with your efforts.

    Eventually, you have less ability to target the threats you are so afraid of.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  4. Re:How is this a story exactly? by Sique · · Score: 3, Interesting
    This is not about breaking cryptography. Ever governmental agency can legally force domestic companies to include a backdoor and keep their mouth shut about it. China was publicly suspected of shipping one with Huawei products, probably in an attempt to twart Huawei's success in selling them to U.S. customers and customers in their allied countries.

    This is about deliberately sell defective products to about anyone.

    I would applaud the NSA if they managed to include their backdoor in Huawei products. That would have been quite a stunt.

    --
    .sig: Sique *sigh*
  5. Re:Good on them by Kjella · · Score: 4, Interesting

    Spying is not about having backdoors in hardware you produce in your own country. It's about getting those into foreign countries, foreign hardware, and about defeating encryptions that you're NOT already in control of. Literally, a signed court order saying that Cisco/Juniper has to put in a backdoor for US intelligence into products X, Y, Z achieves this aim in the same way. With non-disclosure clauses, it's as secret. That's not what the NSA should be wasting their time on, if that's even what the US want to do.

    Sure, because slapping a multi-national full of foreigners with no security clearance with an NDA is totally simliar to an in-house NSA project with all Top Secret clearances. And if China or Russia is the customer, we'll just make a special order just for you without anybody noticing. It's not like the end result would be any better either, everybody would wonder if their hardware has been NSL'd instead of r00ted. I'm not saying either way is a good gamble, but I'd rather take the technical one than the legal one.

    --
    Live today, because you never know what tomorrow brings
  6. Re:FTFY by Anonymous Coward · · Score: 4, Interesting

    "without question, protected by US free speech rights even if the US government happened to have been able to access some of the encrypted data."

    The US is not the bastian of freedom you seem to think it is.

    The US treated the detainees at Guantanamo bay with utter disregard for civil rights and international law.

    Your double-think is disgusting.

  7. Only a minority? by sehlat · · Score: 3, Interesting

    That's too bad, because I suspect only a minority of products have been compromised this way.

    When you have a 55-gallon drum of sewage with a teaspoon of pure water in it, you have a 55-gallon drum of sewage.
    When you have a 55-gallon drum of pure water with a teaspoon of sewage in it, you have a 55-gallon drum of sewage.

  8. Re:Well of course ... by Anonymous Coward · · Score: 5, Interesting

    Have you seen Intel's Management Engine (ME).

    Jesus Christ on a hopping frog. It's basically a system for allowing Intel/NSA/GCHQ free reign over your IT.

    It's a small computer that runs alongside your main machine. It's sips power and runs even when the machine is off. It talks directly to the network card and takes instructions/returns data. It has open access to the entire machine's memory. You aren't allowed to know what it does. The entire system is cryptoed and proprietary.

    Intel is flogging this nightmare as a management system... when you couldn't design a more effective government sponsored backdoor into every PC. It's Intel giving the spies their wettest of dreams.

  9. Re:How is this a story exactly? by Anonymous Coward · · Score: 5, Interesting

    Who here is shocked that a government agency whose job it is to FUCKING BREAK CRYPTOGRAPHY would target products that people actually use for cryptography?

    Obviously, nobody is "shocked" or is even claiming that someone else is stupid enought to be shocked. The emotion is anger, not shock.

    Why? Because actually the NSA's job is to protect US security, whereby breaking crypto is only one possible strategy for accomplishing that goal. A rational actor running the NSA might decide that it would be directly contrary to their mission to undermine the encryption used by the US, and also contrary to their mission to undermine the sale of US products.

    For whatever reason, that's not what they decided, so now we have a less secure country than if the NSA had done nothing.

    Either someone made a dumb decision (d'oh!), or someone within the NSA decided to do the opposite of their job (in exchange for whatever from whomever). Either way, that's something to be legitimately angry about. We all realize that even the cleverest mathematicians can have stunning-stupid PHBs telling them to do stupid things, but we all tend to hope for better. (Nothing wrong with trying to set the bar high, is there?) And one of the neat things about America is that above the PHBs there's an elected president. And now we're seeing that even as late as 2010 the guy on top wasn't firing people left and right for incompetence and betrayal, so we have yet again, another president in a long uninterrupted series of presidents making the wrong call.

    It's like we really are too stupid to elect someone to end the stupidity. Worse, at this point it looks like pretty much no matter how things go, in Jan 2017 we are going to get an even worse president than the last two. That's no matter whether you think the country is going to vote R or D. (Hillary Trump will have us longing for a return of Barrack Bush.) So that means the NSA is going to be working against the interests of America's security through at least 2020 (and We The People will be funding them, with taxes and externalities). With friends like these, we don't need enemies. Leave it to us, IIS and Al Queda: just sit back and relax.

    And yes, telling people about evidence of what they had already suspected, is news. Unless you're going to tell me that when aliens are (or aren't) found, viable fusion power is (or isn't) invented, and next year's CPUs are a few percent faster, those things also won't be news. (But you're not really going to claim you're that stupid, are you?)

  10. US sourced technology a real problem by Anonymous Coward · · Score: 0, Interesting

    With the way America behaves, I don't see how US hardware is even an option for corporate entities. The post WW2 plunder of European technology, and attempts to control and dominate the foreign policies of other countries, should offer sufficient evidence.
    If there were even some attempt to prosecute those responsible for the criminality within the US regime, then there might be some belief that there was anything other than malicious intent, but there isn't.