According to the Black Budget, U.S. intelligence agencies have tech companies dead in their sights with the aim of breaking or circumventing any existing or emerging encryption or antiviral products, noting the threat posed by “increasingly strong commercial” encryption and “adversarial cryptography.”
The Analysis of Target Systems Project produced “prototype capabilities” for the intelligence community, enabled “the defeat of strong commercial data security systems” and developed ways “to exploit emerging information systems and technologies,” according to the classified budget. The project received $35 million in funding in 2012 and had more than 200 personnel assigned to it. By the end of 2013, according to the budget, the project would “develop new capabilities against 50 commercial information security device products to exploit emerging technologies,” as well as new methods that would allow spies to recover user and device passwords on new products.
Among the project’s missions:
— Analyze “secure communications products, both foreign and domestic produced” to “develop exploitation capabilities against the authentication and encryption schemes.”
— “[D]evelop exploitation capabilities against network communications protocols and commercial network security products.”
— “Anticipate future encryption technologies” and “prepare strategies to exploit those technologies.”
— “Develop, enhance, and implement software attacks against encrypted signals.”
— “Develop exploitation capabilities against specific key management and authentication schemes.”
— “[D]evelop exploitation capabilities against emerging multimedia applications.”
— Provide tools for “exploiting” devices used to “store, manage, protect, or communicate data.”
— “Develop methods to discover and exploit communication systems employing public key cryptography” and “communications protected by passwords or pass phrases.”
— Exploit public key cryptography.
— Exploit Virtual Private Networks, or VPNs, which allow people to browse the Internet with increased security and anonymity.
The black budget also noted that the U.S. intelligence community partners with “National Laboratories” to conduct the type of research presented at the CIA’s annual Jamboree conference. It confirms the U.S. government’s aggressive efforts to steal encryption and authentication keys, as occurred in the NSA and GCHQ operations against Gemalto, the world’s largest manufacturer of SIM cards, through the use of Computer Network Exploitation attacks. In that case, spy agencies penetrated Gemalto’s internal networks and cyberstalked its employees to steal mass quantities of keys used to encrypt mobile phone communications.
The CIA’s Information Operations Center is currently the second largest of the spy agency’s specialized centers. It not only conducts cyber-ops, but has operated covertly in other nations, working to develop assets from targeted countries to assist in its cyber-surveillance programs, according to the Black Budget. At times, its personnel brief the president.
When the Chinese government recently tried to force tech companies to install a backdoor in their products for use by Chinese intelligence agencies, the U.S. government denounced China. “This is something that I’ve raised directly with President Xi,” President Obama said in early March. “We have made it very clear to them that this is something they are going to have to change if they are to do business with the United States.”
But China was actually following the U.S. government’s lead. The FBI has called for an expansion of U.S. law, which would require Apple and its competitors to design their products so that all communications could be made available to government agencies. NSA officials have expressed similar sentiments.
“Obama’s comments were dripping with hypocrisy,” says Trevor Timm, executive director of the Freedom of the Press Foundation. “Don’t get me wrong, his actual criticism of China for attempting to force tech companies to install backdoors was spot on — now if only he would apply what he said to his own government. Since he now knows backdooring encryption is a terrible policy that will damage cybersecurity, privacy, and the economy, why won’t he order the FBI and NSA to stop pushing for it as well?”