House Price Crash Forum

The Eagle

How Microsoft Handed The NSA Access To Encrypted Messages

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

Full article here: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

Using Microsoft products for confidential data (especially company confidential data or customer confidential data) is clearly reckless after these detailed revelations. A PC running Windows is completely open to abuse; no firewall or anti-virus will prevent your data from being syphoned off.

As far as I can see the only viable solution to keep your business secrets and confidential data protected is to use Linux and Open Source software as Apple likely collaborates in a similar manner with the NSA.

---


As far as I can see the only viable solution to keep your business secrets and confidential data protected is to use Linux and Open Source software as Apple likely collaborates in a similar manner with the NSA.

No, the only viable solution to keep your business secrets protected is not to have any customers. I don't think it will prove popular.

---

Full article here: http://www.guardian....ation-user-data

Using Microsoft products for confidential data (especially company confidential data or customer confidential data) is clearly reckless after these detailed revelations. A PC running Windows is completely open to abuse; no firewall or anti-virus will prevent your data from being syphoned off.

As far as I can see the only viable solution to keep your business secrets and confidential data protected is to use Linux and Open Source software as Apple likely collaborates in a similar manner with the NSA.

---

The most delicious irony in all of this is that in trying to subjugate the entire world the US govt has holed its own technology giants below the waterline. No-one, not even Americans, will trust US IT solutions ever again!

---

Heard on the wireless this morning that the Russian govt is considering going back to the typewriter :lol:

---

Don't see what all the fuss is about.

Everyone knows email is not secure. A load of people I know seem to get their passwords hacked and the account used for spam on a regular basis.

If you are really interested in secure comms you use some sort of encryption before email, pgp or something like that.

---

Full article here: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

Using Microsoft products for confidential data (especially company confidential data or customer confidential data) is clearly reckless after these detailed revelations. A PC running Windows is completely open to abuse; no firewall or anti-virus will prevent your data from being syphoned off.

As far as I can see the only viable solution to keep your business secrets and confidential data protected is to use Linux and Open Source software as Apple likely collaborates in a similar manner with the NSA.

---

For once, I don't think you're being paranoid. I'd assume as a matter of course that anything I send out on the internet (including this post!) might be intercepted, and that there is at least a possibility that closed-source software might also be transmitting my data without my knowledge. As you say, using open source software is the only way to ensure confidentiality.

Edit: And I imagine that quite a few non-US governments might be waking up to that just now - expect Microsoft sales to fall!

---

As you say, using open source software is the only way to ensure confidentiality.

If you compile it yourself after studying the source code and don't connect your computer to the internet, yes.

---

If you compile it yourself after studying the source code and don't connect your computer to the internet, yes.

Now that I do call paranoid.

---

Don't see what all the fuss is about.

Everyone knows email is not secure. A load of people I know seem to get their passwords hacked and the account used for spam on a regular basis.

If you are really interested in secure comms you use some sort of encryption before email, pgp or something like that.

Well exactly, even if you send an email PGP encrypted, all the other party has to do is unencrypt it and post it on a forum if they want to.

I think organisations need secure internal systems however, to stop R&D and commercial secrets being lifted.

Not sure this is entirely about terrorism, but to steal confidential private and commercial data for gain.

If your commercial email system runs on Google or Hotmail, and you are developing something, then you are bonkers IMO.

---

Is anyone with the remotest interest in these things really surprised, really?

_NSAKEY was a variable name discovered in Windows NT 4 Service Pack 5 (which had been released unstripped of its symbolic debugging data) in August 1999 by Andrew D. Fernandes of Cryptonym Corporation. That variable contained a 1024-bit public key.

edit: ah well, there's always Android...

Quartz: No wonder China is worried about Android—the NSA helped write its source code

---

Well exactly, even if you send an email PGP encrypted, all the other party has to do is unencrypt it and post it on a forum if they want to.

I think organisations need secure internal systems however, to stop R&D and commercial secrets being lifted.

Not sure this is entirely about terrorism, but to steal confidential private and commercial data for gain.

If your commercial email system runs on Google or Hotmail, and you are developing something, then you are bonkers IMO.

I have recollections that...........

PGP was uncrackable in its original form...........

however................

It was quickly "threatened" that unless it gave the American government a back door (which it then did) it would be outlawed

So PGP has always been crackable by the FBI/CIA etc (at least in its retail form) :angry:

thing is........... I don't care if they "root" through my stuff - I have nothing to hide (I am openly a pervert :lol: )

---

thing is........... I don't care if they "root" through my stuff - I have nothing to hide (I am openly a pervert :lol: )

One aspect to this which is, to my knowledge, not being covered by the corporate media is the scope this extensive, unaccountable surveillance gives to the likes of the FBI/NSA to blackmail people who are 1. Perverts and 2. In positions of authority.

One whistleblower, Russ Tice, has claimed that's exactly what's been going on...

On June 19, 2013, Tice claimed while being interviewed that the NSA had spied on Barack Obama himself while he was still a senator, along with monitoring federal judges, ranking military officials, and other members of congress, saying he himself had seen and held papers ordering such actions.[8][9][10] He went on to say, "This thing is incredible what NSA has done. They've basically turned themselves - in my opinion - into a rogue agency that has J Edgar Hoover capabilities on a monstrous scale on steroids."

Tice has even claimed in a couple of interviews I've heard that people being considered for certain public offices have been appointed to those offices even though they had skeletons in their cupboards. Tice infers that they were selected for promotion because they had secrets which left them vulnerable to manipulation.

---

Is anyone with the remotest interest in these things really surprised, really?

edit: ah well, there's always Android...

Quartz: No wonder China is worried about Android—the NSA helped write its source code

But at least with Android, it is possible to examine the source code contributed by the NSA, and I'm sure the Chinese will have done so in minute detail. The Chinese worries are more likely commercial ones based on Google's domination of a market that they'd like to break into themselves. Apple's iOS is, of course, another kettle of closed-source fish.

---

I have recollections that...........

PGP was uncrackable in its original form...........

however................

It was quickly "threatened" that unless it gave the American government a back door (which it then did) it would be outlawed

So PGP has always been crackable by the FBI/CIA etc (at least in its retail form) :angry:

thing is........... I don't care if they "root" through my stuff - I have nothing to hide (I am openly a pervert :lol: )

PGP is open source software. It's been scrutinized by 1000s of hackers over the years and none of them have found any flaws or backdoors. Of course it's possible that the NSA knows a piece of advanced mathematics which makes PGP easier to crack, but since they no longer have a monopoly on cryptography research, that advanced math can be found by anyone else too.

For anyone interested in cryptography, check out Bitmessage. It's a very interesting concept in private communications and it's based on my favourite protocol, Bitcoin B)

---

Heard on the wireless this morning that the Russian govt is considering going back to the typewriter :lol:

It is possible to spy on an IBM golf-ball typewriter simply by recording the noise it makes. There were also attempts to detect movement of the same with microwave radar. Where did this happen? Moscow.

PGP encryption probably makes it not worth trying to read your emails since it takes large amounts of computing power to crack messages.

The dangerous thing is the collection of meta-data. In the case of your iPhone that includes geolocation, timestamp and destination.

If you text/phone your Imam, they will know where you were as well as when. Photograph that bug you found in the living room and GCHQ know which bug needs to be replaced.

Correlation of meta data means that a completely false inference can be built about whole groups of people. Examination of individual meta data reveals private information. Imagine you are an MP having an illicit affair and you took your mobile phone with you. The Cabinet Office sends you a text and GCHQ now know exactly where you are. And it isn't 'your' bedroom.

---

It is possible to spy on an IBM golf-ball typewriter simply by recording the noise it makes. There were also attempts to detect movement of the same with microwave radar. Where did this happen? Moscow.

PGP encryption probably makes it not worth trying to read your emails since it takes large amounts of computing power to crack messages.

The dangerous thing is the collection of meta-data. In the case of your iPhone that includes geolocation, timestamp and destination.

If you text/phone your Imam, they will know where you were as well as when. Photograph that bug you found in the living room and GCHQ know which bug needs to be replaced.

Correlation of meta data means that a completely false inference can be built about whole groups of people. Examination of individual meta data reveals private information. Imagine you are an MP having an illicit affair and you took your mobile phone with you. The Cabinet Office sends you a text and GCHQ now know exactly where you are. And it isn't 'your' bedroom.

Very true. If you're up to something you'd prefer other people not to know about, carrying your (switched on) mobile phone around with you has got to be one of the daftest things you can do.

---

If you text/phone your Imam, they will know where you were as well as when. Photograph that bug you found in the living room and GCHQ know which bug needs to be replaced.

Correlation of meta data means that a completely false inference can be built about whole groups of people. Examination of individual meta data reveals private information. Imagine you are an MP having an illicit affair and you took your mobile phone with you. The Cabinet Office sends you a text and GCHQ now know exactly where you are. And it isn't 'your' bedroom.

It does simplify a lot of things though. Imagine if Operation Yewtree could just pull up a list of anyone who was within the vicinity of Jimmy Savile over a 40 year period.

---

It does simplify a lot of things though. Imagine if Operation Yewtree could just pull up a list of anyone who was within the vicinity of Jimmy Savile over a 40 year period.

Well, within the vicinity of Jimmy Savile's phone.

---

Well, within the vicinity of Jimmy Savile's phone.

Only a matter of time before the damn things are embedded in us, and strangely enough I think people would queue up for it.

---

It does simplify a lot of things though. Imagine if Operation Yewtree could just pull up a list of anyone who was within the vicinity of Jimmy Savile over a 40 year period.

The Queen, Margaret Thatcher, Tony Blair, Gordon Brown... my God, you're right, he was constantly associating with thieves and charlatans!

---

For once, I don't think you're being paranoid. I'd assume as a matter of course that anything I send out on the internet (including this post!) might be intercepted, and that there is at least a possibility that closed-source software might also be transmitting my data without my knowledge. As you say, using open source software is the only way to ensure confidentiality.

Edit: And I imagine that quite a few non-US governments might be waking up to that just now - expect Microsoft sales to fall!

Exactly, anything you transmit electronically can be intercepted. Email is as secure as a postcard. The only difference that encryption will make to the serious hacker is that a bit more work and a lot more cpu cycles will be needed to crack it.

---

I have recollections that...........

PGP was uncrackable in its original form...........

however................

It was quickly "threatened" that unless it gave the American government a back door (which it then did) it would be outlawed

So PGP has always been crackable by the FBI/CIA etc (at least in its retail form) :angry:

thing is........... I don't care if they "root" through my stuff - I have nothing to hide (I am openly a pervert :lol: )

Given that the PGP source code was available initially, how would the backdoor be implemented?

---

Exactly, anything you transmit electronically can be intercepted. Email is as secure as a postcard. The only difference that encryption will make to the serious hacker is that a bit more work and a lot more cpu cycles will be needed to crack it.

Not quite. PGP is pretty much uncrackable if implemented correctly. The number of cpu cycles needed to crack it by conventional means is totally impractical.

My guess is though that there are agencies in the world that have quantum computers that can crack this sort of stuff, not that they would tell us if they could. QC technology is pretty close to implementation now in the public domain.

---

Not quite. PGP is pretty much uncrackable if implemented correctly. The number of cpu cycles needed to crack it by conventional means is totally impractical.

My guess is though that there are agencies in the world that have quantum computers that can crack this sort of stuff, not that they would tell us if they could. QC technology is pretty close to implementation now in the public domain.

The problem lies in the initial key exchange. If the channel is insecure and can be tampered with then you can't be sure it's the real key.

---

The problem lies in the initial key exchange. If the channel is insecure and can be tampered with then you can't be sure it's the real key.

Yes, authentication is one of the weakest points of crypto systems. Even Quantum Cryptography, which is unbreakable according to the laws of physics, still needs authentication.

---
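The key-exchange problem raised in the last two posts, as an added example that is not part of any post in this thread: a PGP public key that arrived over an untrusted channel is accepted only if its OpenPGP version 4 fingerprint matches one obtained over a separate channel. The function names and the toy RSA numbers are constructed for illustration.

```python
import hashlib
import hmac
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, body."""
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def key_matches(body: bytes, fingerprint_seen_elsewhere: str) -> bool:
    """Accept a received key only if it hashes to the fingerprint obtained
    over a separate channel (read out in person, printed on a card)."""
    expected = "".join(fingerprint_seen_elsewhere.split()).upper()
    if len(expected) != 40:  # refuse short key IDs or truncated fingerprints
        return False
    return hmac.compare_digest(v4_fingerprint(body).encode(), expected.encode())


# Constructed toy values, far too small for real use; they only make two
# distinct keys that claim the same owner.
CREATED = 1373500800
REAL_BODY = rsa_key_body(CREATED, (2**127 - 1) * (2**89 - 1), 65537)
SWAPPED_BODY = rsa_key_body(CREATED, (2**107 - 1) * (2**61 - 1), 65537)

if __name__ == "__main__":
    trusted = v4_fingerprint(REAL_BODY)  # what the owner reads out to you
    print("fingerprint from owner:", trusted)
    print("key from mail matches :", key_matches(REAL_BODY, trusted))
    print("swapped key matches   :", key_matches(SWAPPED_BODY, trusted))
```

The check is only as good as the second channel: a fingerprint copied from the same email or web page as the key proves nothing.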
