Uncle Sam Is Snooping: So What’s New?

The Washington Post has rehashed a rather old story about Central Intelligence Agency (CIA) ownership of a company called “Crypto AG” with a rather sensational title “The intelligence coup of the century”. Crypto AG was a Swiss company which used to sell equipment for sending encrypted messages to governments of more than 120 countries including “Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican”. The company was secretly owned by the CIA which used its influence to break the codes used by these machines enabling the CIA to spy on all these governments.

The story about National Security Agency’s (NSA’s) covert relationship with Crypto AG was broken by The Baltimore Sun way back in 1995. It is not as if this is the only known involvement or even the last incidence of US Intelligence trying to break widely used cryptographic systems or snooping on other governments including the friendly governments. Why The Washington Post would choose to particularly highlight this company whose equipment are no longer used now is anybody’s guess, but could well have to do with the newspaper’s owner Jeff Bezos’ company Amazon losing out on a $10 billion contract with the US Military.

The fact is Crypto AG’s systems had long become irrelevant not just due to The Baltimore Sun story, but with the advent of internet, most people and governments started using internet for their communications and computers could be used to send encrypted messages over the internet. CIA and NSA’s focus therefore turned on the hardware and software used for “secure” internet communications. It was long suspected that the NSA and CIA put “backdoors” into the leading communication and encryption products. These suspicions were confirmed by the wide-ranging Edward Snowden revelations on the NSA’s activities.

Starting from the turn of the century, the NSA invested billions of dollars to preserve and improve its snooping capabilities by finding loopholes and inserting backdoors into communication equipment, encryption software, operating systems like Microsoft, Linux, Apple, Android, etc., popular software products such as Lotus Notes, Microsoft products and popular internet services. According to Snowden documents, the NSA ran a programme codenamed ‘BULLRUN’ whose explicit mandate was to undermine encryption and secure communications by working to undermine encryption standards and working with companies to install “backdoors” in their products. According to The Guardian, under this programme, the NSA had developed “capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking”.

Under this BULLRUN programme, the NSA for example worked with RSA, a pioneering and leading supplier of internet encryption software, to undermine its software so as to create backdoors in all software programmes and systems which would use RSA’s software. Given the iconic stature of RSA after whose co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, the widely used RSA public key cryptography algorithm was named, these revelation shook the tech community at that time. However, reports about NSA-planted backdoors in leading telecommunication equipment and internet router vendors such as Cisco Systems and Juniper Networks have now become routine.

The BULLRUN activities were not limited to commercial hardware and software, but targeted open source software as well. A software bug named the “Heartbleed” was discovered in the widely used openssl library which is used for encrypting internet communications including HTTPS traffic used on websites. Bloomberg ran a story that the NSA knew about this bug for two years before it got publicly discovered and used it to steal master keys of possibly millions of websites in order to snoop into “secure” encrypted communication between people and these websites.

In 2017, Wikileaks released a whole tranche of documents codenamed “Vault 7” which exposed the CIA’s covert global hacking programme. These documents reveal that CIA had built a programme parallel to NSA whose scope matched if not exceeded the NSA programme. This programme “had over 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponised” malware.” It is said that the total code produced by these hackers in CIA exceeded the code used to run Facebook. These tools can target smartphones such as iPhones and Android phones, iPads and smartTVs to effectively convert them into listening devices. Vehicles Control systems on modern cars and trucks could also be hacked. The CIA had developed techniques to “bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the smartphones that they run on and collecting audio and message traffic before encryption is applied.” The programme had developed tools to attack operating systems such as Windows and Linux and also internet routers.

Given the extensive nature of the CIA and NSA programmes, it wouldnt be a stretch to say that practically no digital device or communication is beyond the prying eyes of the US Intelligence. In light of this, the US government’s efforts to blacklist and sanction Huawei saying that Huawei poses a threat to security due to its ties with the Chinese government ring out rather hollow. The US government has tried to pressure foreign governments such as the Europeans and even Indian government to not buy Huawei equipment for their next generation 5G networks citing security and snooping risks without providing any evidence. If anything, Huawei equipment may well be more secure than their US counterparts which have a proven history of NSA backdoors since even a single Chinese government backdoor would sink Huawei given the intense pressure and scrutiny applied to it worldwide. So, given the choice between the technologically superior and cheaper Huawei equipment as compared to the almost guaranteed insecure US equipment, it is no wonder that even foreign friendly governments are ignoring the US pressure and going ahead with their purchase of Huawei products. The real story lies in the US losing the technology and credibility race.

Also watch: Big Brother Is Watching You?