According to the Black Budget, U.S. intelligence agencies
have tech companies dead in their sights with the aim of breaking or
circumventing any existing or emerging encryption or antiviral products, noting
the threat posed by “increasingly strong commercial” encryption and
“adversarial cryptography.”
The Analysis of Target Systems Project produced “prototype
capabilities” for the intelligence community, enabled “the defeat of strong
commercial data security systems” and developed ways “to exploit emerging
information systems and technologies,” according to the classified budget. The
project received $35 million in funding in 2012 and had more than 200 personnel
assigned to it. By the end of 2013, according to the budget, the project would
“develop new capabilities against 50 commercial information security device
products to exploit emerging technologies,” as well as new methods that would
allow spies to recover user and device passwords on new products.
Among the project’s missions:
— Analyze “secure communications products, both foreign and
domestic produced” to “develop exploitation capabilities against the
authentication and encryption schemes.”
— “[D]evelop exploitation capabilities against network
communications protocols and commercial network security products.”
— “Anticipate future encryption technologies” and “prepare
strategies to exploit those technologies.”
— “Develop, enhance, and implement software attacks against
encrypted signals.”
— “Develop exploitation capabilities against specific key
management and authentication schemes.”
— “[D]evelop exploitation capabilities against emerging
multimedia applications.”
— Provide tools for “exploiting” devices used to “store,
manage, protect, or communicate data.”
— “Develop methods to discover and exploit communication
systems employing public key cryptography” and “communications protected by
passwords or pass phrases.”
— Exploit public key cryptography.
— Exploit Virtual Private Networks, or VPNs, which allow
people to browse the Internet with increased security and anonymity.
The black budget also noted that the U.S. intelligence
community partners with “National Laboratories” to conduct the type of research
presented at the CIA’s annual Jamboree conference. It confirms the U.S.
government’s aggressive efforts to steal encryption and authentication keys, as
occurred in the NSA and GCHQ operations against Gemalto, the world’s largest
manufacturer of SIM cards, through the use of Computer Network Exploitation
attacks. In that case, spy agencies penetrated Gemalto’s internal networks and
cyberstalked its employees to steal mass quantities of keys used to encrypt
mobile phone communications.
The CIA’s Information Operations Center is currently the
second largest of the spy agency’s specialized centers. It not only conducts
cyber-ops, but has operated covertly in other nations, working to develop
assets from targeted countries to assist in its cyber-surveillance programs,
according to the Black Budget. At times, its personnel brief the president.
When the Chinese government recently tried to force tech
companies to install a backdoor in their products for use by Chinese
intelligence agencies, the U.S. government denounced China. “This is something
that I’ve raised directly with President Xi,” President Obama said in early
March. “We have made it very clear to them that this is something they are
going to have to change if they are to do business with the United States.”
But China was actually following the U.S. government’s lead.
The FBI has called for an expansion of U.S. law, which would require Apple and
its competitors to design their products so that all communications could be
made available to government agencies. NSA officials have expressed similar
sentiments.
“Obama’s comments were dripping with hypocrisy,” says Trevor
Timm, executive director of the Freedom of the Press Foundation. “Don’t get me
wrong, his actual criticism of China for attempting to force tech companies to
install backdoors was spot on — now if only he would apply what he said to his
own government. Since he now knows backdooring encryption is a terrible policy
that will damage cybersecurity, privacy, and the economy, why won’t he order
the FBI and NSA to stop pushing for it as well?”
No comments:
Post a Comment