>>5579752
The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange
One of the problems with patching the vulnerability is that it breaks things: On the plus side, the vulnerability has largely been patched thanks to consultation with tech companies like Google, and updates are available now or coming soon for Chrome, Firefox and other browsers. The bad news is that the fix rendered many sites unreachable, including the main website at the University of Michigan, which is home to many of the researchers that found the security hole.
Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve – the most efficient algorithm for breaking a Diffie-Hellman connection – is dependent only on this prime. After this first step, an attacker can quickly break individual connections.
According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: "Everybody's a target; everybody with communication is a target."
And remember Director of National Intelligence James Clapper's introduction to the 2013 "Black Budget": Also, we are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic.
But that requirement also speaks to its limitations. The NSA isn't going to put this capability at collection points like Room 641A at AT&T's San Francisco office
The latest story from the Snowden documents, co-published by the New York Times and ProPublica, shows that the NSA is operating a signature-based intrusion detection system on the Internet backbone: In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad – including traffic that flows to suspicious Internet addresses or contains malware, the documents show.
To carry out the orders, the F.B.I. negotiated in 2012 to use the N.S.A.'s system for monitoring Internet traffic crossing "chokepoints operated by U.S. providers through which international communications enter and leave the United States," according to a 2012 N.S.A. document. The N.S.A. would send the intercepted traffic to the bureau's "cyberdata repository" in Quantico, Virginia.
https://wikileaks.org/hackingteam/emails/emailid/1044631
U.S. spy agencies have built an intelligence-gathering colossus since the attacks of Sept. 11, 2001, but remain unable to provide critical information to the president on a range of national security threats, according to the government’s top-secret budget.
The $52.6 billion “black budget” for fiscal 2013, obtained by The Washington Post from former intelligence contractor Edward Snowden, maps a bureaucratic and operational landscape that has never been subject to public scrutiny. Although the government has annually released its overall level of intelligence spending since 2007, it has not divulged how it uses the money or how it performs against the goals set by the president and Congress.
The CIA, which has been transformed into a paramilitary organisation since 9/11 and oversees its own drone programme, takes about 28 per cent of the overall budget, or $14.7bn.
The next largest is the electronics eavesdropping body, the National Security Agency, which Mr Snowden worked for this year at its Hawaii listening post. The NSA was allocated $10.8bn in 2013.
https://wikileaks.org/hackingteam/emails/emailid/67920
https://www.washingtonpost.com/world/national-security/black-budget-summary-details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-10ab-11e3-8cdd-bcdc09410972_print.html?noredirect=on
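
An added illustration, not part of the post or the quoted articles, of the shared-prime point quoted above: the expensive step depends only on the group, so it is paid once and every later connection on that group is cheap. Baby-step giant-step stands in here for the number field sieve, and the 31-bit prime, the generator and all function names are constructed toy assumptions.

```python
import math
import secrets

# Constructed toy group shared by every simulated connection (assumption).
P = 2147483647   # 2**31 - 1, prime; real groups are 1024 bits and up
G = 7            # primitive root modulo P

def precompute(p, g):
    """One-time work that depends only on the group (p, g)."""
    m = math.isqrt(p - 1) + 1
    table, cur = {}, 1
    for j in range(m):              # baby steps: g^j -> j
        table[cur] = j
        cur = cur * g % p
    giant = pow(g, -m, p)           # g^(-m) mod p, reused for every lookup
    return m, table, giant

def recover_exponent(public, p, pre):
    """Per-connection work: at most m multiplications and lookups."""
    m, table, giant = pre
    gamma = public
    for i in range(m):
        j = table.get(gamma)
        if j is not None:
            return i * m + j
        gamma = gamma * giant % p
    return None

def simulate(n_connections, p=P, g=G):
    """Fresh exponents per connection, same group: count recovered secrets."""
    pre = precompute(p, g)          # paid once, amortized over all connections
    recovered = 0
    for _ in range(n_connections):
        a = secrets.randbelow(p - 2) + 1
        b = secrets.randbelow(p - 2) + 1
        A, B = pow(g, a, p), pow(g, b, p)   # the only values sent on the wire
        x = recover_exponent(A, p, pre)
        if x is not None and pow(B, x, p) == pow(A, b, p):
            recovered += 1
    return recovered
```

Generating fresh exponents for each connection does not help when the group is shared and small enough for the one-time step; the table only becomes useless when the group itself changes or grows out of reach.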