Courtesy of Mish.
In response to NSA Breaks Into Secure Communication Links of Google and Yahoo I received a few comments worth exploring.
Reader “Fury” commented “True encryption using the RSA algorithm is unbreakable today. No way can the NSA break the prime number encryption that is used, I don’t care how many supercomputers they have.“
A knowledgeable friend commented “The secure parts are impenetrable by computer technology. A break-in is impossible unless Google let them in or the NSA somehow got the encryption key. The latter would require human agents.“
The article I linked to above came from an October 30 article in the Washington Post. Here is the chart in question.
Man in the Middle
Mainstream media is nearly always late to these stories, and so was I. The answer to how the NSA hacked Google and Yahoo! comes from Schneier on Security a “blog covering security and security technology”.
With thanks to reader “marvinmartian” for the link, please consider Bruce Schneier’s September 13 post New NSA Leak Shows MITM Attacks Against Major Internet Services.
The Brazilian television show “Fantastico” exposed an NSA training presentation that discusses how the agency runs man-in-the-middle attacks on the Internet. The point of the story was that the NSA engages in economic espionage against Petrobras, the Brazilian giant oil company, but I’m more interested in the tactical details.
The video on the webpage [NSA Documents Show United States Spied Brazilian Oil Giant] is long, and includes what I assume is a dramatization of an NSA classroom, but a few screen shots are important. The pages from the training presentation describe how the NSA’s MITM attack works:
However, in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route — on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. One document published by Fantastico, apparently taken from an NSA presentation that also contains some GCHQ slides, describes “how the attack was done” to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target’s Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format.