Six years ago, two Microsoft cryptography researchers discovered some weirdness in an obscure cryptography standard authored by the National Security Agency. There was a bug in a government-standard random number generator that could be used to encrypt data.
The researchers, Dan Shumow and Niels Ferguson, found that the number generator appeared to have been built with a backdoor — it came with a secret numeric key that could allow a third party to decrypt code that it helped generate.
According to Thursday’s reports by the ProPublica, the Guardian, and The New York Times, classified documents leaked by NSA whistleblower Edward Snowden appear to confirm what everyone suspected: that the backdoor was engineered by the NSA. Worse still, a top-secret NSA document published with the reports says that the NSA has worked with industry partners to “covertly influence” technology products.
That sounds bad, but so far, there’s not much hard evidence about what exactly has been compromised. No company is named in the new allegations. The details of the reported modifications are murky. So while much of the internet’s security systems appear to be broken, it’s unclear where the problems lie.
The result is that the trustworthiness of the systems we used to communicate on the internet is in doubt. “I think all companies have a little bit of taint after this,” says Christopher Soghoian, a technologist with the American Civil Liberties Union.
The latest documents show that the NSA has vast crypto-cracking resources, a database of secretly held encryption keys used to decrypt private communications, and an ability to crack cryptography in certain VPN encryption chips. Its goal: to crack in a widespread way the internet’s security tools and protocols.
David Dampier, the director of the Center for Computer Security Research at Mississippi State University, says it’s “wrong” for companies to add backdoors. But he added that the latest revelations of the government’s alleged decryption capabilities aren’t surprising.
“I think that no encryption created by anyone is going to protect you from everyone. The stronger the encryption the harder they are going to work to decrypt it,” he said. “I don’t care what company is selling you encryption software. Whatever they are going to sell you, it can be decrypted. There’s nothing that is infallible.”
The reports talk about the NSA’s attempts to exploit software bugs, break codes and accumulate encryption keys — this is all stuff that most security experts expected the surveillance agency to be doing. But here’s the most unsettling part: A leaked excerpt from the agency’s 2013 budget request talks about the NSA working with “US and foreign IT industries to covertly influence and/or overtly leverage their commercial products designs.” The document explicitly says: “These design changes make the systems in question exploitable.”
Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation, calls the latest leaks disturbing. “We went through this debate with the Clipper Chip, and it was clear where public opinion stood,” he says, referring to a backdoor technology the NSA wanted to install in all encryption two decades ago.
“If these claims are true, and the NSA introduced backdoors into global security standards, this seems like a clear perversion of democracy,” Castro added. “This just further erodes the competitiveness of U.S. tech companies. In particular, I think this enlarges the scope of companies that will suffer backlash since cryptographic standards are often embedded in hardware.”
Castro wrote a report last month predicting that Snowden’s PRISM revelations could cost the U.S. cloud-computing industry as much as $35 billion over the next three years as companies shied away from U.S. internet service providers, which are said to be providing government access to their servers.
You’ll hear much the same from Dave Jevans, the founder of Marble Security, an enterprise mobile security provider and the former chief executive of IronKey, He says that it “would be extremely bad” for a tech company to give the government a backdoor.
“It may not be the death knell,” he added, referring to Crypto AG, a Swiss encryption companies alleged to have rigged their machines for the NSA in the 1990s. ”They’re still around, but barely.”
But not everyone thinks that U.S. competitiveness will be hit. The documents talk about the NSA working with foreign companies too. “I don’t think there’s going to be any direct major impact because there aren’t any other countries that are cherubs in all this either,” says Paul Kocher, president of Cryptography Research.
The number generator found in 2007 — called Dual_EC_RNG — was hardly a technical triumph. It was clumsy and slow and never widely used, but it is supported in Microsoft’s Windows operating system.
Microsoft has said in the past that it does not provide the government with “direct and unfettered” access to customer data, and it says much the same today. “We have significant concerns about the allegations of government activity reported yesterday and will be pressing the government for an explanation,” the company said Friday.
But the doubt is still there. And that’s the problem.
By DAVID KRAVETS AND ROBERT MCMILLAN