Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption Government Privacy Security The Internet United States Hardware

NSA Targeted 'The Two Leading' Encryption Chips (theintercept.com) 113

Advocatus Diaboli sends a report from Glenn Greenwald at The Intercept about the NSA's efforts to subvert encryption. Back in 2013, several major publications reported that the NSA was able to crack encryption surrounding commerce and banking systems. Their reports did not identify which specific technology was affected. The recent backdoor found in Juniper systems has caused the journalists involved to un-redact a particular passage from the Snowden documents indicating the NSA targeted the "two leading encryption chips" in their attempts to compromise encryption. Quoting: The reference to "the two leading encryption chips" provides some hints, but no definitive proof, as to which ones were successfully targeted. Matthew Green, a cryptography expert at Johns Hopkins, declined to speculate on which companies this might reference. But he said that "the damage has already been done. From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way."
This discussion has been archived. No new comments can be posted.

NSA Targeted 'The Two Leading' Encryption Chips

Comments Filter:
  • Remember Huawei? (Score:5, Interesting)

    by Ragnarok89 ( 1066010 ) on Tuesday January 05, 2016 @11:32AM (#51241863)
    Remember the big scare a while back about backdoors in Huawei network switches and routers? Looks like we weren't that far behind.
    • Re:Remember Huawei? (Score:5, Interesting)

      by Sique ( 173459 ) on Tuesday January 05, 2016 @12:41PM (#51242323) Homepage
      I would rather guess that the NSA knew about their own backdoor, and thus they suspected China of doing the same. It's a rule of thumb for me: If one side in a conflict warns about shenanigans from the other side which are not provable yet, you can safely assume that a) the first side thought about it themself and b) has already implemented it.
    • Manufacturing the latest Google Nexus..

    • by AmiMoJo ( 196126 )

      The difference is that we have concrete proof of the NSA backdoors. Apparently the Chinese ones are so good no one else has found them yet, at least not publicly.

  • Well of course ... (Score:5, Informative)

    by gstoddart ( 321705 ) on Tuesday January 05, 2016 @11:41AM (#51241899) Homepage

    From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way

    Not just encryption, but pretty much any US created technology ... cloud services or anything else.

    If the US has made their technology companies part of their spy apparatus, then who the hell would trust a US technology company? You simply can't.

    So don't go all boo-hoo that people are looking at your products with some skepticism they can trust you when you created the situation in which they can't trust you.

    Anybody outside of the US has no choice but to look at US technologies and ask "given that it's almost certain they're under the thumb of the NSA, what are my alternatives?"

    You can't have it both ways. And you don't get to whine if people stop buying your products because they can't trust you anymore.

    • by Anonymous Coward on Tuesday January 05, 2016 @12:33PM (#51242259)

      Have you seen Intel's Management Engine (ME).

      Jesus Christ on a hopping frog. It's basically a system for allowing Intel/NSA/GCHQ free reign over your IT.

      It's a small computer that runs alongside your main machine. It's sips power and runs even when the machine is off. It talks directly to the network card and takes instructions/returns data. It has open access to the entire machine's memory. You aren't allowed to know what it does. The entire system is cryptoed and proprietary.

      Intel is flogging this nightmare as a management system... when you couldn't design a more effective government sponsored backdoor into every PC. It's Intel giving the spies their wettest of dreams.

    • "You can't have it both ways. And you don't get to whine if people stop buying your products because they can't trust you anymore." No but we get to call you stupid if you think that any of the competing products is not just as, if not more compromised. A) The US has the reach to compromise ANY manufacturer in the world. and B) You add the any local nations government to the list. But American you get snooped on the US, buy Chinese you get snooped on by the US and the Chinese, buy EU get snooped on by th
      • by Anonymous Coward

        Prefer the non-US/EU/Australian. Go Chinese first, they tend to stick to themselves, so at least that provides a reasonable buffer from NSA/GCHQ/ASIO.

        - foreigner from allied country

    • And you don't get to whine if people stop buying your products because they can't trust you anymore.

      Why the hell not?

      If my government is damaging my business, against my wishes, in order to spy on me (and the rest of the world), I'd damned well better not just whine but yell and shout. I suppose the "you" in your statements was intended to refer to the US as a whole, but the US as a whole didn't do it and isn't on board with it. Unfortunately, a lot of voters who don't understand the issues and are afraid of brown people are on board with it. That just means those of us who do understand need to educate

  • Too late (Score:5, Interesting)

    by U2xhc2hkb3QgU3Vja3M ( 4212163 ) on Tuesday January 05, 2016 @11:41AM (#51241905)

    From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way.

    I think it's more because of the NSA, CIA, etc and the general feeling we get from the U.S.A. that we cannot trust anything you do, period.

    Signed,
    the rest of the world.

    • by Anonymous Coward

      From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way.

      I think it's more because of the NSA, CIA, etc and the general feeling we get from the U.S.A. that we cannot trust anything you do, period.

      Signed,
      the rest of the world.

      Yes, much better to trust the equipment made in China...

      At this point unless you produce domestically, then the origin of your communications equipment determines which intelligence service (and their former employees and subcontractors) you are trusting with your national security. Even then, with the probable level of infiltration on all sides it is going to be hard to tell which foreign intelligence and criminal gangs DON'T have you by the balls.

    • From what I've heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That's too bad, because I suspect only a minority of products have been compromised this way.

      I think it's more because of the NSA, CIA, etc and the general feeling we get from the U.S.A. that we cannot trust anything you do, period.

      Signed, the rest of the world.

      How about you prove that the rest of the world hasn't already followed suit.

      Hugs and Kisses,

      - Common F. Sense

  • The failure is applying it FAR too broadly and in domestic surveillance which they are specifically prohibited by law from performing.
  • It was time for some more NSA red-meat to rile up the rabid /. base

  • Only a minority? (Score:3, Interesting)

    by sehlat ( 180760 ) on Tuesday January 05, 2016 @12:32PM (#51242245)

    That's too bad, because I suspect only a minority of products have been compromised this way.

    When you have a 55-gallon drum of sewage with a teaspoon of pure water in it, you have a 55-gallon drum of sewage.
    When you have a 55-gallon drum of pure water with a teaspoon of sewage in it, you have a 55-gallon drum of sewage.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      And yet with the proper processing, either drum can be turned into clean, safe drinking water. That's why to some extent, none of this matters. You can use all the compromised leaky back-doored broken products that you want (this is what you're doing anyway, every time you communicate over the Internet, where your packets are routed through other peoples' systems), provided that all the data that these products ever see, is your cyphertext.

      That's hard to do with a phone (you're not going to "tunnel through

      • by sehlat ( 180760 )

        "Trust but verify." The ability to verify, usually referred to as transparency, is necessary for the establishment of trust. Anything you cannot understand or verify is not trustworthy. You may be forced by circumstances to "trust" it, but if it says "no user serviceable parts inside," the trust is hollow

      • by sehlat ( 180760 )

        And yet with the proper processing, either drum can be turned into clean, safe drinking water.

        It occurs to me that a somewhat different analogy is in order.

        You have ten bottles of wine from a foreign country standing in front of you. You have absolute knowledge from an informant that your enemies have put undetectable poison in two of those bottles, and they've even told you which two have the poison. They have not provided any information about the other eight bottles. Remember, the poison is undetectable.

  • Purposeful, nonconsensual, warrantless, bit manipulation of a private computer, located inside a home (or other constitutionally protected zone of privacy) within the United States is very likely a clear civil rights violation.

    Should this become provable, the NSA won't be able to stay out of Federal Court.

    I would like to trust the NSA (I really would), but J. Edgar Hoover.

    Fool me once....

  • Fall back to one time pads for your embassies. No more huge networks chattering on crypto hardware from "trusted" fast, imported brands that seem to work for every other embassy. The big foreign brands are selling out your networking to competing nations every decade. Reduce the imports and use of any systems that report back to other nations by default as designed, as sold, as installed.
    Great for interacting with tourists but dont put the entire nations secrets on foreign systems.
    Have staff fly back h

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...