VPN Articles and News

Leaked Documents Provide Information On Tools That NSA Wasn’t Able To Crack

By Paul Liu
Monday, January 26th, 2015

More than one and a half years after Edward Snowden leaked details about NSA’s PRISM program, a new set of leaked documents provide more information on the tools and online services that the intelligence agency wasn’t able to crack despite its best efforts. The documents, which cover the time period between 2011-12, were recently published by the German magazine Der Spiegel and were also discussed during the Chaos Computer Club Conference which was held in Hamburg. The revelations about uncrackable chat and email programs should provide comfort to ordinary citizens as well as privacy activists who were under the impression that no tool or service was safe as far as the NSA surveillance was concerned.

The report reveals how the NSA can readily crack popular messaging, VOIP and emailing services, including messages sent through Facebook and Skype. Privacy tools like Virtual Private Networks aren’t safe either since the agency has the ability to bypass their security mechanisms. While most of these services are encrypted by default, they are secured in such a way that the encryption does not pose any challenge to the security agency. The document also shows how the agency has the capability to bypass the security offered by the HTTPS protocol as well as how it was ramping up its surveillance powers to monitor as many as 10 million HTTPS connections/day as well as 20,000 VPN connections/hour by late 2012.

The report also indicates that one of the most widely used privacy tools, Tor, is not as insecure as it was previously thought. As per the revelations made in the report, NSA faced major problems while tracking users who were hiding their identity through the Tor network. Of course, this doesn’t prove that Tor is unbreachable since the privacy network has already been penetrated several times during the last few years.

Apart from revealing information about popular services, the report also makes a mention of the specialized tools and services that the agency wasn’t able to crack. Data encrypted through TrueCrypt, the disk encryption tool that was shut down recently, proved to be uncrackable for the NSA as did the emails sent through the email service provider Zoho. In addition, the agency was not able to decipher data encrypted with the privacy tool Pretty Good Privacy (PGP) nor was it able to decrypt private messages that were secured through the encryption tool Off-the-Record. For those who are not aware of these programs, Zoho provides a host of productivity tools including an email service, PGP is an all-in-one privacy tool that can encrypt messages, emails as well as entire hard drives while Off-the-Record is a nifty little program which can encrypt private messages sent through a variety of messaging services (but not Facebook or Yahoo).

While the leaked report shows that these are still some services available which can provide protection against the surveillance of NSA, we should be very cautious while making use of this information. Since the documents are already couple of years old, they do not reflect the current surveillance scenario. Hence, we should keep in mind that the tools, services and protocols which proved to be difficult to crack in the past may have been breached by the intelligence agency in the last couple of years.