Skip to main content

NSA has cracked encryption protecting your bank account, Gmail, and smartphone

nsa has cracked the encryption protecting your bank account gmail and more gchq crack
Image used with permission by copyright holder

Encryption techniques used by online banks, email providers, and many other sensitive Internet services to keep your personal data private and secure are no match for the National Security Agency and British surveillance authorities, according to new reports from The New York Times, ProPublica, and The Guardian. The revelations are the latest to come from a trove of documents supplied by fugitive whistleblower Edward Snowden.

Documents labeled “top secret” show that HTTPS and Secure Sockets Layer (SSL), encryption technologies used across the Web to keep transactions protected from snoops of all kinds, have been cracked by government-owned supercomputers. Through their decryption program, codenamed “Bullrun,” NSA and U.K. counterpart GCHQ have also compromised virtual private networks (VPNs) and encryption used to protect 4G wireless signals.

The spy agencies have also reportedly coerced or, in some cases, collaborated with corporations to obtain backdoor access to users’ communications, files, and other data. According to reports, the files obtained by Snowden did not name specific companies that teamed with NSA and GCHQ. An earlier report from The Guardian shows, however, that Microsoft granted NSA analysts pre-encryption access to users’ Skype calls, Outlook emails, and SkyDrive cloud storage.

“For the past decade, NSA has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” read a 2010 NSA memo to GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

The fact that the NSA has these capabilities may seem like a given – but it’s far from it: Modern cryptology is highly secure, and many doubted the spy agency had reached this level of penetration. Even the spies themselves were surprised by the NSA’s cryptanalysis capabilities. In another memo reported by the news agencies, GCHQ analysts who did not have prior knowledge of the decryption capabilities of the NSA “were gobsmacked” to learn about them.

While the NSA claims that its decryption capabilities are a crucial tool in its fight against global terrorism, critics argue that the agency’s efforts have made the U.S. less secure in the name of national security.

“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” Matthew D. Green, a cryptography expert at Johns Hopkins University, told ProPublica. “Those back doors could work against U.S. communications, too.”

U.S. government authorities reportedly asked the news agencies to not report on Bullrun because doing so could cause enemies of the state to change their communication tactics, weakening U.S. security. The Times said it decided to publish its story “because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.”

ProPublica said in an open letter that it believes publication of the story is “in the public interest” for two reasons. First, unlike code cracking efforts during World War II, the NSA’s activities involve “eavesdropping on civilians,” not just military personnel. Second, ProPublica believes the surveillance severely impedes Americans’ civil liberties.

“Suppose for a moment that the U.S. government had secretly developed and deployed an ability to read individuals’ minds,” writes ProPublica. “Such a capability would present the greatest possible invasion of personal privacy. And just as surely, it would be an enormously valuable weapon in the fight against terrorism.

“Continuing with this analogy, some might say that because of its value as an intelligence tool, the existence of the mind-reading program should never be revealed. We do not agree.”

Indeed, given the NSA’s likely predictive analytics capabilities, the mind-reading analogy may be more real than many of us care to imagine.

(Image courtesy Sergey Nivens/Shutterstock)

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
How to easily log in to multiple Gmail accounts at once
woman sitting and using laptop

Have you found yourself rapidly accumulating Gmail accounts? Between work, school, and any personal accounts you may have created, it's completely reasonable to have three (or more) Google accounts that need to be checked regularly.

Read more
The best MasterClass courses for 2024
The MasterClass logo against a dark background.

Learning a new skill, art, or craft is a great way to expand your horizons, and even increase your value as a creator or within your career. There are a lot of online learning platforms out there to help you grow, but few are as universally recognized as MasterClass.

MasterClass is a streaming platform that offers online classes taught by some of the biggest names in their respective fields. With a subscription you’ll get access to the full library of MasterClass courses, which includes a huge variety of subjects such as food, writing, music, wellness, and home & lifestyle.

Read more
How to recall an email in Gmail on mobile and desktop
A person sitting at a desk, in front of a computer monitor with their head in their hands.

Sometimes the moment you hit send in Gmail you want to recall the message. We all make mistakes. Luckily, Google gets it and, just as you can recall an Outlook message, you can unsend a Gmail. In the past, you had to manually enable it, but now it’s on by default.

Here’s how to make the most of it.

Read more