The revelations made through the documents leaked by Edward Snowden continue. A fresh batch of documents now shows that NSA has been working with IT companies, security research firms and other stakeholders in order to bypass and and all forms of encryption that are popularly used on the web.
Take ‘https’ for instance. Many hail it as the ultimate tool when it comes to web security. However, with its budget of billions of dollars, NSA and its British counterpart, GCHQ, reported that they were able to make great strides in decrypting https communications. In other words, even https is futile in the face of the likes of NSA.
Many companies have recently moved to SSL encryption, viewing it as an adequate tool through which they can secure the communications of the users. But NSA and GCHQ have been able to compromise the security offered by SSL encryption.
This should be viewed in conjunction with another recent article in which we revealed how NSA was spending a huge portion of its budget in cryptanalysis. The Times penned down an article recently which cited ‘Signit Enabling Project’ of NSA, on which the agency spends $250 million a year. The aim of the project, the paper says, is that it ‘actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.”
According to New York Times, before they could publish their article on the same subject, they were forced to remove certain facts due to the pressure from intelligence officials. These facts pertained to the specifics of such operations and efforts to dismantle the latest of encryption tools.
Courtesy: Business Insider