UK and US Intelligence Hack Web Encryption Technology
British and American intelligence agencies are able to break through the encryption technology used to protect internet users' emails, online banking, or medical details from being hacked and access reams of private information.
The latest cache of documents from US whistleblower Edward Snowden reveals that the National Security Agency in the US and the UK's GCHQ have developed a range of methods to circumvent encryption used by companies including Google, Facebook and Yahoo.
They include using supercomputers to break down the encryption codes, negotiating with authorities that set the standards for encryption programmers worldwide, the inclusion of inbuilt vulnerabilites to exploit, and entering top secret agreements with web companies to gain access to messages before they are encrypted.
Among the aims of the programme is to further the efforts to break the encryption for the new wave of 4G phones.
Codenamed Bullrun after the American Civil War battle, the programme cost the NSA an estimated $250m (£160m) this year, dwarfing the £20m per annum spent on the Prism web surveillance programme.
Its British counterpart is codenamed Edgehill after the first major engagement of the English Civil War.
A document outlines the aims of the project: "Project Bullrun deals with NSA's abilities to defeat the encryption used in specific network communication technologies. Bullrun involves multiple sources, all of which are extremely sensitive."
According to one memo, GCHQ officials were "gobsmacked" when they learnt of the extent of the programme's capabilities.
The latest trove of 50,000 documents were published jointly by the Guardian, the New York Times and ProPublica. Experts warned that the revelation risked undermining the trust on which internet use is built.
"Cryptography forms the basis for trust online," Bruce Schneier, an encryption specialist and fellow at Harvard's Berkman Centre for Internet and Society, told the Guardian.
"By deliberately undermining online security in a shortsighted effort to eavesdrop, the NSA is undermining the very fabric of the internet."
Critics have also argued that the vulnerabilities in encryption data exploited by the NSA could also be exploited by criminals or other organisations.
Web companies had always insisted that encrypted data was "beyond the reach" of governments.
Microsoft admitted that it had been legally compelled to help the NSA circumvent encryption for its Oulook email and chat services.
According to one document, the NSA expects the programme to obtain access to "data flowing through a hub for a major communications provider" and to a "major internet peer-to-peer voice and text communications system".
© Copyright IBTimes 2024. All rights reserved.