The spy agencies’ activities have gone on for more than a decade. Now we have enough details about how the NSA eavesdrops on the internet, another explosive news has emerged yesterday from the Snowden files that NSA has the ability to decrypt most of anything that is on the internet.
They have done this not through cracking encryption mathematically, but by secretly using influence and billions of dollars to insert backdoors designed to preserve their ability to eavesdrop.
Also the majority of devices connected to the Tor anonymity network may be using encryption keys that can be broken by the National Security Agency, according to Rob Graham, CEO of penetration testing firm Errata Security.
The ability to crack high-level encryption is something that has been a pretty significant legend in the infosec community. Graham arrived at that conclusion after analyzing nearly 23,000 Tor connections through an exit node that Graham controls and about 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key.
Graham said that Tor still uses 1024 RSA/DH keys for much of its crypto particularly because most people are still using older versions of the software. The older 2.3 versions of Tor use keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.
The latest release of Tor, version 2.4, switches from the standard Diffie-Hellman key exchange to ECDHE, which are Elliptical-Curve Diffie-Hellman keys, which may greatly increase the privacy of the Tor network.
Of course there’s no guarantee that the NSA hasn’t already found an easy way to crack ECDHE, but considering it’s not currently as common as other encryption techniques, for now there’s a greater chance that it’s more secure.
Unfortunately for the thousands of people who rely on Tor, many of the devices they use to connect to its servers could still be infiltrated by the NSA. To make matters worse, it came just a day after the report that 90 percent of Internet users have taken steps to avoid surveillance in some way.
Bruce Schneier, security blogger made the following statement that Government and industry have betrayed the internet, and us. “By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract.“
He advised to Hide yourself in the network, Encrypt your communications, Assume that while your computer can be compromised, it would take work and risk on the part of the NSA so it probably isn’t, Be suspicious of commercial encryption software, especially from large vendors. Try to use public-domain encryption that has to be compatible with other implementations.
It has been made public that the Department of Defense provided Tor with $876,099 in 2012, a sum large enough to make up 40 percent of the project’s $2 million budget. Tor’s executive director Andrew Lewman has said that the intelligence agency has not requested a backdoor into the system.