@War: The Rise of the Military-Internet Complex (16 page)

Classified documents also show that the NSA invites makers of encryption products to let the agency's experts review their work, with the ostensible goal of making their algorithms stronger. But the NSA actually inserts vulnerabilities into the products, to use in its espionage and cyber warfare missions. One document states that this work allows the agency “to remotely deliver or receive information to and from target endpoints.” In other words, steal information from or implant malicious code on computers.

These footholds in technologies sold and used around the world allow the NSA to spy without being detected and, if need be, disable the technologies themselves. The Stuxnet computer worm that destroyed centrifuge equipment in the Iranian nuclear facility relied on a previously unknown weakness in a control system used by Siemens. Computer security experts have questioned whether the company knew about the vulnerability and agreed to keep it undefended. In any event, the NSA clearly had inside knowledge of some kind about the weakness and rolled it into Stuxnet's design.

The military also trains its cyber warriors, who work through US Cyber Command, to hack some of the most widely used communications equipment in the world. The army has sent soldiers to courses that teach students how Cisco networking devices are built and used. This isn't so they can maintain the equipment but so they can break in to it and defend it from others trying to do the same.

Under the SIGINT Enabling Project, the NSA also pays phone and Internet companies to build their networks in such a way that the agency can tap into them—or, to use the more opaque language of a classified budget document, “provide for continued partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses.”

All this clandestine work underscores the degree to which the NSA is dependent on corporations that build software and hardware and that own and operate portions of the Internet. The agency would find itself generally out of the surveillance and cyber warfare business without the cooperation of these companies. But its efforts to dominate the “fifth domain” of warfare extend beyond deals struck with individual corporations.

 

For the past ten years the NSA has led an effort in conjunction with its British counterpart, the Government Communications Headquarters, to defeat the widespread use of encryption technology by inserting hidden vulnerabilities into widely used encryption standards. Encryption is simply the process of turning a communication—say, an e-mail—into a jumble of meaningless numbers and digits, which can only be deciphered using a key possessed by the e-mail's recipient. The NSA once fought a public battle to gain access to encryption keys, so that it could decipher messages at will, but it lost that fight. The agency then turned its attention toward weakening the encryption algorithms that are used to encode communications in the first place.

The NSA is home to the world's best code makers, who are regularly consulted by public organizations, including government agencies, on how to make encryption algorithms stronger. That's what happened in 2006—a year after Alexander arrived—when the NSA helped developed an encryption standard that was eventually adopted by the National Institute of Standards and Technology, the US government agency that has the last word on weights and measures used for calibrating all manner of tools, industrial equipment, and scientific instruments. NIST's endorsement of an encryption standard is a kind of Good Housekeeping Seal of approval. It encourages companies, advocacy groups, individuals, and government agencies around the world to use the standard. NIST works through an open, transparent process, which allows experts to review the standard and submit comments. That's one reason its endorsement carries such weight. NIST is so trusted that it must approve any encryption algorithms that are used in commercial products sold to the US government.

But behind the scenes of this otherwise open process, the NSA was strong-arming the development of an algorithm called a random-number generator, a key component of all encryption.
Classified documents show that the NSA claimed it merely wanted to “finesse” some points in the algorithm's design, but in reality it became the “sole editor” of it and took over the process in secret. Compromising the number generator, in a way that only the NSA knew, would undermine the entire encryption standard. It gave the NSA a backdoor that it could use to decode information or gain access to sensitive computer systems.

The NSA's collaboration on the algorithm was not a secret. Indeed, the agency's involvement lent some credibility to the process. But less than a year after the standard was adopted, security researchers discovered an apparent weakness in the algorithm and speculated publicly that it could have been put there by the spy agency. The noted computer security expert Bruce Schneier zeroed in on one of four techniques for randomly generating numbers that NIST had approved.
One of them, he wrote in 2007, “is not like the others.”

For starters, it worked three times more slowly than the others, Schneier observed. It was also “championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute.”

Schneier was alarmed that NIST would encourage people to use an inferior algorithm that had been enthusiastically embraced by an agency whose mission is to break codes. But there was no proof that the NSA was up to no good. And the flaw in the number generator didn't render it useless. As Schneier noted, there was a workaround, though it was unlikely anyone would bother to use it. Still, the flaw set cryptologists on edge. The NSA was surely aware of their unease, as well as the growing body of work that pointed to its secret intervention, because it leaned on an international standards body that represents 163 countries to adopt the new algorithm. The NSA wanted it out in the world, and so widely used that people would find it hard to abandon.

Schneier, for one, was confused as to why the NSA would choose as a backdoor such an obvious and now public flaw. (The weakness had first been pointed out a year earlier by employees at Microsoft.) Part of the answer may lie in a deal that the NSA reportedly struck with one of the world's leading computer security vendors, RSA, a pioneer in the industry. According to a 2013 report by Reuters, the company adopted the NSA-built algorithm “even before NIST approved it. The NSA then cited the early use . . . inside the government to argue successfully for NIST approval.”
The algorithm became “the default option for producing random numbers” in an RSA security product called the bSafe toolkit, Reuters reported. “No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.” For its compliance and willingness to adopt the flawed algorithm, RSA was paid $10 million, Reuters reported.

It didn't matter that the NSA had built an obvious backdoor. The algorithm was being sold by one of the world's top security companies, and it had been adopted by an international standards body as well as NIST. The NSA's campaign to weaken global security for its own advantage was working perfectly.

When news of the NSA's efforts broke in 2013, in documents released by Edward Snowden, RSA and NIST both distanced themselves from the spy agency—but neither claimed that the backdoor hadn't been installed.

In a statement following the Reuters report, RSA denied that it had entered into a “secret contract” with the NSA, and asserted that “we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential ‘backdoors' into our products for anyone's use.” But it didn't deny that the backdoor existed, or may have existed. Indeed, RSA said that years earlier, when it decided to start using the flawed number-generator algorithm, “the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.” Not so much anymore. When documents leaked by Snowden confirmed the NSA's work, RSA encouraged people to stop using the number generator—as did NIST.

The standards body issued its own statement following the Snowden revelations. It was a model of carefully calibrated language. “NIST would not deliberately weaken a cryptographic standard,” the organization said in a public statement, clearly leaving open the possibility—without confirming it—that the NSA had secretly installed the vulnerability or done so against NIST's wishes. “NIST has a long history of extensive collaboration with the world's cryptography experts to support robust encryption. The [NSA] participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA.”

The standards body was effectively telling the world that it had no way to stop the NSA. Even if it wanted to shut the agency out of the standards process, by law it couldn't. A senior NSA official later seemed to support that contention. In an interview with the national security blog
Lawfare
in December 2013, Anne Neuberger, who manages the NSA's relationships with technology companies, was asked about reports that the agency had secretly handicapped the algorithm during the development process. She neither confirmed nor denied the accusation. Neuberger called NIST “an incredibly respected close partner on many things.”
But, she noted, it “is not a member of the intelligence community.

“All the work they do is . . . pure white hat,” Neuberger continued, meaning not malicious and intended solely to defend encryption and promote security. “Their only responsibility is to set standards” and “to make them as strong as they can possibly be.”

That is not the NSA's job. Neuberger seemed to be giving the NIST a get-out-of-jail-free card, exempting it from any responsibility for inserting the flaw.

 

The 2006 effort to weaken the number generator wasn't an isolated incident. It was part of a broader, longer campaign by the NSA to weaken the basic standards that people and organizations around the world use to protect their information. Documents suggest that the NSA has been working with NIST since the early 1990s to hobble encryption standards before they're adopted. The NSA dominated the process of developing the Digital Signature Standard, a method of verifying the identity of the sender of an electronic communication and the authenticity of the information in it. “NIST publicly proposed the [standard] in August 1991 and initially made no mention of any NSA role in developing the standard, which was intended for use in unclassified, civilian communications systems,” according to the Electronic Privacy Information Center, which obtained documents about the development process under the Freedom of Information Act.
Following a lawsuit by a group of computer security experts, NIST conceded that the NSA had developed the standard, which “was widely criticized within the computer industry for its perceived weak security and inferiority to an existing authentication technology,” the privacy center reported. “Many observers have speculated that the [existing] technique was disfavored by NSA because it was, in fact, more secure than the NSA-proposed algorithm.”

From NSA's perspective, its efforts to defeat encryption are hardly controversial. It is, after all, a code-breaking agency. This is precisely the kind of work it is authorized, and expected, to do. If the agency developed flaws in encryption algorithms that only it knew about, what would be the harm?

But the flaws weren't secret. By 2007, the backdoor in the number generator was being written about on prominent websites and by leading security experts. It would be difficult to exploit the weakness—that is, to figure out the key that opened NSA's backdoor. But this wasn't impossible. A foreign government could figure out how to break the encryption and then use it to spy on its own citizens, or on American companies and agencies using the algorithm. Criminals could exploit the weakness to steal personal and financial information. Anywhere the algorithm was used—including in the products of one of the world's leading security companies—it was vulnerable.

The NSA might comfort itself by reasoning that code-breaking agencies in other countries were surely trying to undermine encryption, including the algorithms that NSA was manipulating. And surely they were. But that didn't answer the question, why knowingly undermine not just an algorithm but the entire process by which encryption standards are created? The NSA's clandestine efforts damaged the credibility of NIST and shredded the NSA's long-held reputation as a trusted, valued participant in creating some of the most fundamental technologies on the Internet, the very devices by which people keep their data, and by extension themselves, safe. Imagine if the NSA had been in the business of building door locks, and encouraged every homebuilder in America to install its preferred, and secretly flawed, model. No one would stand for it. At the very least, consumer groups would file lawsuits and calls would go up for the organization's leaders to resign.

But the reaction to the NSA's anti-encryption campaign was relatively subdued. In part, that's because many experts, cryptologists among them, had long presumed that the agency was up to this kind of work in the shadows. The revelations were informative but not exactly surprising. But there was also a strong sense among lawmakers and US officials that this is what the NSA does. It breaks codes in order to steal information. NIST sets standards through an open, transparent process. That's anathema to the NSA's secretive nature. From the NSA's perspective, the standards-setting body threatens to propagate hard-to-break algorithms and encryption technologies that would do a very good job protecting information—all things that run counter to the NSA's mission. For years lawmakers who approved the NSA's budget, and administration officials who oversaw its work, sided with the agency. To the extent that they had any misgivings, they could take some solace that as long as the NSA's handiwork stayed secret, the damage to Internet security and the United States' reputation might be minimal. The revelations of 2013 upended those calculations.