Writing in Der Spiegel a few days ago, a team including Jacob Appelbaum and Laura Poitras report new analysis of the NSA's capabilities against internet security protocols. This is an issue that touches everyone that ever connects to the network or uses a mobile phone — as the artcile notes:
The fact that large amounts of the cryptographic systems that underpin the entire Internet have been intentionally weakened or broken by the NSA and its allies poses a grave threat to the security of everyone who relies on the Internet — from individuals looking for privacy to institutions and companies relying on cloud computing. Many of these weaknesses can be exploited by anyone who knows about them — not just the NSA.
Should we conclude that nothing is safe, then? What about the core tools of the networked computer engineer? A key tool is SSH, the secure shell, and there have been rumours that NSA has cracked SSH. Dig a little deeper into this sorry mess, though, and it seems clear that the NSA does not have blanket capabilities against all of our security tools. For example, in the discussion on Bruce Scheier's https://www.schneier.com/blog/archives/2014/12/new_documents_o.html post about the Spiegel article (December 28, 2014), Carlo Graziani says:
I'd be cautious about concluding that, for example, "SSH is broken", on the basis of this fragmentary report. Claims of successful decryption of SSH sessions almost certainly don't mean that (a) public key protocols protecting key exchange are broken (GPG would be broken too), or (b) any of the suite of ciphers used by SSH is vulnerable. They could be talking about side-channels, like fooling people into ignoring warnings that server keys have changed, or about sessions initiated from compromised machines.
The NSA capabilities under BULLRUN are interesting because they show the limits of its abilities. The agency cannot break encryption. Its attacks against encryption use must be done on a case-by-case basis. However, it also illustrates its ability (and potential) to bring more data under its surveillance by bypassing encryption. Obtaining each individual key or backdoor access is targeted action; what this yields could be targeted or mass surveillance (e.g. it could read all the traffic of a company once it has the encryption key).
I think that most of the breakins that the NSA performs (and which it has helped make possible for everyone from the mafia to random script kiddies everywhere) probably fall into one of these categories:
- human factors — tricking us into giving up our passwords
- coercion of corporations — secret courts and court orders to tech companies to force them to give up data
- wire tapping, including fibre cable tapping
- virus and malware attacks on web browsers and the like
- hardware implants in specific machines
Many of these are targetted interventions that are expensive to carry out. Also note that widespread cracking of secure protocols, and of encryption itself, do not appear in this list. It is still likely, then, that careful use of open source tools using strong crypto (e.g. SSH) are secure in the general case. Of course if they decide to pick on you as an individual all bets are off...