Items from security-related news (E116.Sep-2013)
As previously noted in Cipher, NSA is building a huge data center in Bluffdale, Utah. This article, published over a year ago, seems to foreshadow the revelations of Snowden's disclosures, as well as other developments at Oak Ridge. Bamford states: "According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US."
The NSA's efforts to intercept and read Internet traffic on a massive scale are further detailed in this article. Cooperating technology providers insert weaknesses into products and security standards for protected communications. Ordinary customers are described in NSA documents as "adversaries".
Deliberately flawed? RSA Security tells customers to drop NSA-related encryption algorithm
September 20, 2013
The company RSA, a long-time supplier of cryptographic software, issued an advisory to its customers to stop using the default pseuro-random number generator. The algorithm in question is based on elliptic curves over finite fields, and it is unclear why RSA used it as its default algorithm. There is speculation that the NSA promoted use of the method because they knew that its weaknesses would make it easier to decrypt data used by RSA customers.
Google accelerated the pace of its project to encrypt its infrastructure communication in the light of the US surveillance of Internet traffic and its use of Google data to investigate activities of US citizens. While acknowledging that the measures would not eliminate the surveillance, Google seeks to make mass dragnets more difficult.
According to the recently revealed "Black Budget" of the US government spy agencies, of the 231 offensive operations conducted in 2011, the budget said, nearly three-quarters were against top-priority targets, (e.g., China and North Korea) and activities such as nuclear proliferation.
The Internet company Yahoo released some information about the number of requests for data about its users and their data that it received from the US government thus far in 2013. Of the 12,444 request covering 40,322 users, only 2 per cent were rejected by the company.