November 25, 2013

The NSA's golden age of SIGINT: declare war on commercial crypto

Thanks to Edward Snowden and John Young, we now have further indication that the NSA explicitly and deliberately targets for perversion the open world of cryptography:

"SIGINT Goals for 2012-2016

2.1.2. (S//REL) Counter the challenge of ubiquitous, strong, commercial network encryption

2.1.3. (TS//SI//REL) Counter indigenous cryptographic programs by targeting their industrial bases with all available SIGINT and HUMINT capabilities

2.1.4. (TS//SI//REL) Influence the global commercial encryption market through commercial relationships, HUMINT, and second and third party partners"

It's their mission! Read it how you will, but the hint is pretty strong:

The NSA has declared secret war against the cryptographic community

They will undermine, slow, misdirect, block or infect the market to their sole advantage.

There is no limit to their attack; they will apply all available SIGINT and HUMINT capabilities. HUMINT is their terminology for spies and espionage, but we can also presume that black ops, sabotage and cyberwar are on the table. Nor are they shy of using their captured industrial partners to "influence" the shipping of faulty product.

The attack on NIST was in alignment with these goals, further highlighting that the NSA has no particular qualms about undermining a national champion of standards in its own country.

Everyone is a valid target, no limits. This isn't a USA versus the world question, nor an open source versus commercial cryptography skirmish. The questions that remain are these:

  • who else do they attack? Who did they infect? Earlier, I mentioned Microsoft's CAPI and Oracle's JCE as standouts. Who else?
  • do we care?
  • what are we going to do about it?

Posted by iang at November 25, 2013 05:51 AM
