The NSA has a special department that hacks VPN connections. The intelligence service carries out man-in-the-middle attacks in which communication is decrypted. SSH and HTTPS connections are also sometimes cracked successfully. This emerges from newly leaked documents.
Among other things, the NSA department cracks connections over the so-called Point-to-Point Tunneling Protocol (PPTP) without too much difficulty. Journalists Laura Poitras and Jacob Appelbaum, in cooperation with Der Spiegel, announced this at the CCC security conference in Hamburg, on the basis of documents from whistleblower Edward Snowden. Appelbaum is also responsible for the Tor project, which lets users use the internet relatively anonymously.
According to the journalists, there is a project in which VPN connections can be intercepted on a large scale and the data decrypted. The data is then injected back into the connection between the server and the user, so that neither side notices the intelligence service's intervention. Among other things, the NSA is said to have a team of twelve people to intercept the VPN connections of the Greek government.
That PPTP is insecure has been known for some time, but the VPN protocol is still widely supported. The intelligence service is said to have more trouble with VPN connections that run over IPsec; it would therefore hack the routers that offer the protocol in order to get hold of the encryption keys. That appears mainly to affect users of IPsec in combination with a pre-determined (pre-shared) key. It is also unclear how things stand with connections that run over OpenVPN.
In 2009 the NSA is said to have processed up to 1000 requests per hour to crack VPN connections. The service planned to increase that number to 100,000 per hour by 2011, but whether that wish has come true is not known. What is clear is that the NSA is said to have successfully cracked the Irish VPN service SecurityKiss.
The NSA is said to manage, in some cases, to crack SSH connections. This can involve brute-force attempts or dictionary attacks on SSH passwords, in which the NSA would guess the password that secures the connection in order to find out the encryption keys. Using a certificate with a strong key length would prevent that.
The service would also crack HTTPS connections, though it is not clear how successful these attempts are or whether the service is able to crack the connections on a large scale. What is clear is that the service was, in any case, planning to. The NSA would break into servers in order to steal certificates, so that the communication can be intercepted.
The NSA would also try to crack the AES encryption algorithm. It is not entirely clear whether this is an aspiration or whether the intelligence service has actually managed to crack the algorithm. The documents state that the NSA has ‘a limited number of in-house techniques’ against AES encryption, but that does not indicate that the algorithm itself is outdated. In many cases it is not the encryption algorithm itself that is vulnerable, but its implementation.
Source: Der Spiegel
The documents that have been released show not only where the NSA succeeds, but also where the intelligence service has trouble. “There is also good news: PGP and OTR are safe,” says Jacob Appelbaum during his talk at the CCC conference. OTR is a protocol that lets users chat with encryption; with PGP, users can encrypt e-mail.
That is not to say that the NSA never succeeds in decrypting OTR and PGP communication, but that in several cases it did not succeed. Nor is it to say that the intelligence service still cannot do so: whistleblower Snowden's documents are approximately two years old.
The NSA seems to have the most trouble with people who use multiple techniques to erase their tracks. For example, one person the NSA was following used a combination of Tor, another service, the chat system CSpace and the VoIP protocol ZRTP. That last protocol is used in RedPhone, a secure phone. The person was almost impossible for the NSA to follow. The intelligence service also struggles with TrueCrypt, cryptography software whose development has been discontinued and which is now considered unsafe.
Finally, the documents show that the NSA sends staff to meetings of the Internet Engineering Task Force, which develops internet standards, in order to influence discussions about cryptographic standards. The intelligence service clearly considers encryption a threat, as the documents show.