Snowden Report: NSA Prying Eyes Can Circumvent HTTPS


According to a report in Der Spiegel, NSA can decrypt the web secure technology HTTPS without any limits. The report explains NSA’s plans to intercept 10 million HTTPS connections per day.

Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. The main motivation for HTTPS is to prevent wiretapping and man-in-the-middle attacks.

Leaked NSA documents reveals that the NSA was still having trouble deciphering several different types of encryption in 2012. Tor, PGP, OTR chat encryptions was some of the "threats" to NSA's monitoring. 
NSA document

Der Spiegel pointed out that the VPN theoretically creates a secure tunnel between two points on the Internet. All data is channeled through that tunnel, protected by cryptography. When it comes to the level of privacy offered here, virtual is the right word, too. This is because the NSA operates a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept the data exchanged inside the VPN.

NSA's monitoring technologies are evolving without boundaries and user privacy is not safe as we thought.

Source: Der Spiegel

No comments

Powered by Blogger.