How the NSA sabotaged the internet

Trust is the world's most valuable intangible commodity. Economies, political systems, partnerships and marriages rise or fall based on it. All commerce – both online and offline – rests on it. And yet the US's National Security Agency (NSA) is actively and recklessly undermining the fabric of trust that holds the internet together.

The New York Times, along with the Guardian and Pro Publica, has revealed that the NSA spent more than a decade compromising and sabotaging the encryption systems that underpin secure communications via the internet. Since 2010, it has been able to decrypt vast swathes of this supposedly private information at will, and often in realtime as it flows over the communication cables that the NSA now routinely taps.

Anyone who's used internet banking or shopped online is familiar with the comforting green padlock that appears in our browsers when we transact online. This padlock tells us "don't worry – the details of this transaction are scrambled so thoroughly that no criminal will be able to get at them."

Were technology the only factor at play, you would be able to trust that green padlock implicitly. The only way to unscramble such encrypted data is with the key. One way to do this is through "brute force" – tasking legions of computers with "guessing" every possible combination until they hit on the right one. Even with millions of computers at your disposal the 128-bit encryption that is now standard on the web would require literally billions of years to crack.

So how is the NSA managing to unscramble these billion-year keys? Simple – it is attacking the people who design and maintain them and the infrastructure that holds them, rather than the keys themselves.


One way it does this is to coerce the large internet companies that maintain security systems into handing over the master encryption keys. The NSA maintains a database of these master keys which it uses to decrypt communications on demand. In cases where coercion fails, the New York Times's security sources speculate that keys are "probably collected by hacking into companies' computer servers".

Another vector of attack is to force hardware companies to secretly alter their devices in ways that give the NSA "back door" access to private communications. These chips allow the NSA to grab the data before it is encrypted. The New York Times only has evidence for one such occurrence so far, but the chances of it being an isolated incident are extremely slim.

But perhaps the most heinous breach of trust and common sense is the NSA's efforts to influence the very standards on which security systems are built. The agency has successfully planted vulnerabilities in security standards and then surreptitiously steered them to acceptance by international bodies.

In the late 1990s, the NSA insisted that a back door be added to all security systems. The security industry refused outright, and so the NSA spent the next decade and a half doing so without the industry's consent or knowledge.

By far most troubling thing about these revelations isn't the calculated attack on privacy, or even the troubling closeness of government agencies and corporations, it's the very real chance that technical details of these vulnerabilities will fall into the wrong hands.

If Chelsea Manning or Edward Snowden could publically leak highly classified information for a good cause, what's to stop a more unscrupulous renegade from using these vulnerabilities to covertly steal millions or even billions of dollars?

Forget mere crime, what's to stop the Iranians or the North Koreans playing the same game? These are nuclear (or near nuclear) states run by dictatorial fanatics. Does the US government really believe intentionally sabotaging the bedrock of encryption technology will not benefit them in the long run?

Doomsday prophecies aside, if the general public loses trust in security and privacy on the internet, the economic and social effects will be catastrophic. The industry spent two decades convincing people that transacting online is safe. Hundreds of billions of dollars in commercial transactions now flow over the internet each year. The NSA and its encryption cowboys would snuff that out in a heartbeat with their reckless and short-sighted snooping.

If the Barack Obama administration has any sense it will immediately call for a halt to these practices and launch an enquiry into them. The American public, and indeed the world, needs to rise up and condemn this unconscionable attack on one of the world's most important resources.

The goal of terrorism is to sow fear and discord in your enemies' ranks, and in so doing divide and weaken them. The NSA's actions are proof that the terrorists are currently winning the long game: they may be killing fewer people, but they are slowly but surely strangling a whole way of life – and the NSA is helping them do so.

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Related stories

Cooper, the grocery assistant with AI, gives concierge service

The coronavirus pandemic has demonstrated that there is not a part of our lives that will not be affected by the technologies of the fourth industrial revolution.

Digital financial services could fast-track UN SDGs

COMMENT The world is going through unprecedented challenges caused by a novel,...

To have a dad like Raymond Ackerman

'Most days, however, looking at it from my side of the fence, the idea of a parent company is somewhat jaded'

Internet shutdowns violate human rights

Social media has changed the way wars are fought and oppression is resisted, resulting in governments disrupting connectivity

Click here. Actually, no, don’t

'Sometimes I think South African retail websites don’t actually want to sell anything'

Chinese woman’s online snake purchase proves deadly

The young woman in the northern province of Shaanxi died eight days after being bitten by the many-banded krait
Advertising

Subscribers only

SAA bailout raises more questions

As the government continues to grapple with the troubles facing the airline, it would do well to keep on eye on the impending Denel implosion

ANC’s rogue deployees revealed

Despite 6 300 ANC cadres working in government, the party’s integrity committee has done little to deal with its accused members

More top stories

It’s not a ‘second wave’: Covid resurges because safety measures...

A simple model shows how complacency in South Africa will cause the number of infections to go on an upward trend again

Unisa shortlists two candidates for the vice-chancellor job

The outgoing vice-chancellor’s term has been extended to April to allow for a smooth hand-over

How US foreign policy under Donald Trump has affected Africa

Lesotho has been used as a microcosm in this article to reflect how the foreign policy has affected Africa

Trouble brewing for Kenya’s coffee growers

Kenyan farmers say theft of their crop is endemic – and they suspect collusion
Advertising

press releases

Loading latest Press Releases…

The best local and international journalism

handpicked and in your inbox every weekday