Friday 6 September 2013

Bullrun & Edgehill: US NSA & UK GCHQ have broken Internet Encryption

I have always suspected this and now according to newly leaked documents by Edward Snowden, the NSA and GCHQ are said to have defeated most of the online encryption used by internet users and the likes of Microsoft, Google, Yahoo and even banks. The usage of supercomputers, court orders and the good old application of pressure to internet service providers, are all said to be tools used to gain access to encrypted data by the government agencies.

"In recent years there has been an aggressive effort, lead by NSA, to make major improvements in defeating network security and privacy involving multiple sources and methods, all of which are extremely sensitive and fragile"

"NSA has introduced the BULLRUN CoI to protect our abilities to defeat the encryption used in network communication technologies"

The US programme name is Bullrun, and is said to have a £150m annual budget, while the UK GCHQ counterpart is called Edgehill. These codewords come from battles in each county's civil wars, not only showing the US-UK collaboration on this, but perhaps is an interesting reflection on the owners of the information they seek to intercept and access.

"It is imperative to protect the fact that GCHQ, NSA and their Sigint partners have capabilities against specific network security technologies"

It appears heavy investment into these covert programme started in early 2000, when the US agencies were told they were legally not allow to place backdoors within online systems.

On the British side, it the documentation says the UK had broken 30 VPN links and stated the UK desired to move away from encryption cracking, and to go after the fibre internet traffic, which matches in with my own theory on the PRISM programme.

A statement made by the NSA within the documentation shows their intent, and perhaps makes a good mission statement for the programme, "Every new technology required new expertise in exploiting it, as soon as possible"

This story is going to run over the next few days, so I'm sure more will come out as the documentation is scrutinised.

1 comment:

Lyxol said...

It does not seem strange to me. It's something that was logical to happen even sooner.