Snowden leaks: US and UK 'crack online encryption'

BBC News, 6 September 2013

A man types on a computer keyboard in Warsaw in this
February 2013 illustration file picture

US spy leaks

• UK terror laws: Schedule 7
• Edward Snowden: Timeline
• New US-Russia chill
• US revelations

US and UK intelligence have reportedly cracked technology used to encrypt internet services such as online banking, medical records and email.

Disclosures by leaker Edward Snowden allege the US National Security Agency (NSA) and the UK's GCHQ are hacking key online security protocols.

The encryption techniques targeted are used by popular internet services such as Google, Facebook and Yahoo.

The NSA is said to spend $250m (£160m) a year on the top secret program.

It is codenamed Bullrun, an American civil war battle, according to the documents published by the Guardian in conjunction with the New York Times and ProPublica.

The British counterpart program is called Edgehill, after the first major engagement of the English civil war, say the documents.

'Behind-the-scenes persuasion'

The reports say the UK and US intelligence agencies are focusing on the encryption used in 4G smartphones, email, online shopping and remote business communication networks.

US leaker Edward Snowden has
been granted asylum in Russia

Under Bullrun, it is said that the NSA has built powerful supercomputers to try to crack the technology that scrambles and encrypts personal information when internet users log on to access various services.

The NSA also collaborated with unnamed technology companies to build so-called back doors into their software - something that would give the government access to information before it is encrypted and sent over the internet, it is reported.

As well as supercomputers, methods used include "technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications", the New York Times reports.

The US reportedly began investing billions of dollars in the program in 2000 after its initial efforts to install a "back door" in all encryption systems were thwarted.

'Gobsmacked'

During the next decade, it is said the NSA employed code-breaking computers and began collaborating with technology companies at home and abroad to build entry points into their products.

The documents provided to the Guardian by Mr Snowden do not specify which companies participated.

The NSA also hacked into computers to capture messages prior to encryption, and used broad influence to introduce weaknesses into encryption standards followed by software developers the world over, the New York Times reports.

When British analysts were first told of the extent of the program they were "gobsmacked", according to one memo among more than 50,000 documents shared by the Guardian.

NSA officials continue to defend the agency's actions, claiming it will put the US at considerable risk if messages from terrorists and spies cannot be deciphered.

But some experts argue that such efforts could actually undermine national security, noting that any back doors inserted into encryption programs can be exploited by those outside the government.

It is the latest in a series of intelligence leaks by Mr Snowden, a former NSA contractor, who began providing caches of sensitive government documents to media outlets in June.

Mr Snowden, whom the US wants to extradite, has been granted temporary asylum in Russia.