NSA Bullrun program, encryption and false perception of security

Pierluigi Paganini September 07, 2013

Revelations on the Bullrun program demonstrated that the NSA has capabilities against widely used online protocols such as HTTPS and against the encryption standards behind them.

The latest nightmare for the US Administration is named Bullrun, another US program for mass surveillance. Snowden's revelations are an earthquake for IT security: the image of the NSA and of US IT companies is seriously compromised, and so is the trust of consumers worldwide.

The extension of US surveillance activities seems to have neither limits nor borders: every communication and every piece of data, even when protected with sophisticated encryption mechanisms, was accessible to US intelligence and to its partners such as Britain's GCHQ.

The New York Times, The Guardian and the journalism non-profit ProPublica revealed details of a new top secret program, codenamed Bullrun, run by the NSA to bypass the encryption adopted worldwide by corporations, governments and institutions. Bullrun is considered the U.S. Government's fallback after its failure, in the 1990s, to place a backdoor, the so-called Clipper chip, into encryption products, a backdoor that would have allowed it to eavesdrop on communications.

Be aware that we are not speaking of cracking algorithms; Snowden warned that the NSA bypasses encryption by targeting the endpoints of communications:

“Properly implemented strong crypto systems are one of the few things that you can rely on,” Snowden said to the Guardian.

The intelligence agency has induced vendors and manufacturers to include backdoors in their products, or to disclose the related encryption keys, so that it can access data; this is the core of the Bullrun program. Snowden's revelations are causing the collapse of many certainties, the latest being the integrity of the encryption standards themselves: according to the newspapers, the NSA has worked to undermine the security of those standards.

Following is an image of the classification guide to the NSA's Bullrun decryption program:

[Image: NSA Bullrun classification guide]

The repercussions are critical: the spread of deliberately weakened encryption standards exposes the very data the NSA accesses to the concrete risk of theft by third parties such as foreign state-sponsored hackers and cybercriminals.

"The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets. Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSA's efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States' reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies," commented Christopher Soghoian, principal technologist of the ACLU's Speech, Privacy and Technology Project.

Suddenly the IT world discovered that it had been living with a false sense of security. The repercussions on the global security market are enormous: customers have put their trust in the wrong companies, and too often they have been deceived by false myths and new paradigms (e.g. cloud computing) designed in ways that facilitate the surveillance operated by intelligence agencies.

Bullrun is the latest revelation of a nefarious policy conducted by one of the major security agencies; ironically, in its willingness to supervise each and every byte of data crossing the Internet, the NSA has made the Internet unsafe. Chasing the concept of security, the NSA has actually opened loopholes in global information systems that could benefit powers such as China or terrorist groups.

Surveillance programs such as PRISM and Bullrun are certainly questionable, as is the conduct of the major American companies that have gone along with the agency's demands.

The NSA and other agencies siphoned data from land and undersea cables. Just after the revelations on the PRISM program, the intelligence community started a misinformation campaign claiming that US authorities were still working to find a way to crack encrypted traffic; in reality the agency has no need to do so, and the Bullrun program is the proof. The misinformation was a pure diversion, meant to influence global sentiment and keep the media spotlight away from the dirty collusion between governments and private companies.

"None of the methods used to access encryption keys involves cracking the algorithms and the math underlying the encryption; they rely instead upon circumventing and otherwise undermining encryption."

The newspapers report that the NSA maintains an internal database, dubbed the "Key Provisioning Service", of encryption keys for specific commercial products. Using the Key Provisioning Service, the NSA is able to automatically decode communications and access encrypted data. Every time the agency needs a key for a new product, it formalizes a request to obtain it through the so-called Key Recovery Service.

Other reports say that in one case the US government learned that a foreign intelligence service had ordered new computer hardware, and under pressure from the NSA the US vendor agreed to insert a backdoor into the product before it was delivered.

Keys are provided by vendors or obtained by the intelligence agency through hacking campaigns against the infrastructure of product providers.

"How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies' computer servers, where they are stored," and "To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means," states the NYT.

The most disturbing revelation involves the NSA's efforts to deliberately weaken the international encryption standards that developers rely on to make their products secure. According to a classified NSA memo obtained by the NYT, the fatal weakness discovered by two Microsoft cryptographers in 2007 in a 2006 standard (the Dual_EC_DRBG random number generator of NIST SP 800-90) was intentionally engineered by the NSA.

"Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the backdoor is discovered, it's explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program," said cryptographer Bruce Schneier.
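The weakness in the 2006 standard described two paragraphs above, and the first item in Schneier's list (a random number generator made less random), are the same thing: the trapdoor in Dual_EC_DRBG. Each output block is the x-coordinate of a point s*Q with a few bits removed, and whoever chose Q knowing a scalar that relates it to the base point P can turn one output back into the generator's next internal state. The Python below is an added example written for this page, not code from the article or from any NSA document. It runs the simplified generator loop on the real NIST P-256 curve, with a Q deliberately built from a made-up secret d, and then plays the attacker who knows e = d^-1 and predicts every later block from the first two. The only departure from the standard is the number of bits dropped per block (4 here instead of 16, an assumption made to keep the pure-Python search to seconds); the curve constants and the arithmetic are the real ones.

```python
"""Model of the Dual_EC_DRBG trapdoor on the real P-256 curve.

Added example, not code from the article.  Per output block the generator
does  s = x(s*P),  r = x(s*Q)  and emits r with its top bits removed
(simplified loop of NIST SP 800-90A Dual_EC_DRBG; P is the P-256 base point,
Q a fixed point whose provenance NIST never explained).  Whoever knows e with
P = e*Q can map one output back to the next internal state.
"""
from typing import List, Optional, Tuple

# NIST P-256 domain parameters (real values, as used by the real generator).
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_A = P256_P - 3
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

# The standard drops the 16 most significant bits of each 256-bit r, so the
# attacker tries 2**16 prefixes.  Assumption for runtime only: this demo drops
# 4 bits so the pure-Python search takes seconds; the attack is unchanged.
DROP_BITS = 4
KEEP_MASK = (1 << (256 - DROP_BITS)) - 1

Point = Optional[Tuple[int, int]]          # None is the point at infinity


def ec_add(p1: Point, p2: Point) -> Point:
    """Affine addition on y^2 = x^3 + ax + b over GF(p)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P256_P == 0:
        return None                                       # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + P256_A) * pow(2 * y1, -1, P256_P)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P256_P)
    lam %= P256_P
    x3 = (lam * lam - x1 - x2) % P256_P
    return (x3, (lam * (x1 - x3) - y1) % P256_P)


def ec_mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def x_of(pt: Point) -> int:
    if pt is None:                          # state hit a multiple of n (~2^-256)
        raise ValueError("point at infinity, reseed")
    return pt[0]


def dual_ec_generate(seed: int, nblocks: int, q: Point) -> List[int]:
    """Simplified Dual_EC_DRBG output loop with P = G and the supplied Q."""
    s, out = seed, []
    for _ in range(nblocks):
        s = x_of(ec_mul(s, G))              # state update  s_i = x(s_{i-1} * P)
        r = x_of(ec_mul(s, q))              # output point  r_i = x(s_i * Q)
        out.append(r & KEEP_MASK)           # truncation is all that hides s_i
    return out


def lift_x(x: int) -> Point:
    """Return a curve point with abscissa x, or None if x is not on the curve."""
    rhs = (pow(x, 3, P256_P) + P256_A * x + P256_B) % P256_P
    y = pow(rhs, (P256_P + 1) // 4, P256_P)  # valid because p ≡ 3 (mod 4)
    return (x, y) if y * y % P256_P == rhs else None


def recover_state(out_i: int, out_next: int, e: int, q: Point) -> Optional[int]:
    """Trapdoor attack: from out_i and its successor, find s_{i+1}.

    out_i is x(s_i*Q) minus its top bits.  Re-attach each possible prefix,
    lift to a point R = ±s_i*Q and use P = e*Q:  x(e*R) = x(s_i*P) = s_{i+1}.
    out_next only confirms the candidate.
    """
    for prefix in range(1 << DROP_BITS):
        x = (prefix << (256 - DROP_BITS)) | out_i
        if x >= P256_P:
            continue
        r_pt = lift_x(x)
        if r_pt is None:
            continue
        s_pt = ec_mul(e, r_pt)
        if s_pt is None:
            continue
        s_next = s_pt[0]
        check = ec_mul(s_next, q)
        if check is not None and (check[0] & KEEP_MASK) == out_next:
            return s_next
    return None


def demo() -> Tuple[List[int], List[int]]:
    """(blocks the victim emitted after the first two, blocks the attacker predicted)."""
    # Trapdoor: Q = d*G, so G = e*Q with e = d^-1 mod n.  d is a made-up demo
    # value; whether such a d exists for the standard's Q is not public.
    d = 0x1C0FFEE5_DEADBEEF_0BADF00D_CAFEBABE_F00DFACE_DEFACED1_ABAD1DEA_00C0FFEE
    q = ec_mul(d, G)
    e = pow(d, -1, P256_N)
    assert ec_mul(e, q) == G

    victim_seed = 0x3A2B1C0D_DEADC0DE_5EED5EED_0123456789ABCDEF   # unknown to attacker
    observed = dual_ec_generate(victim_seed, 6, q)

    s = recover_state(observed[0], observed[1], e, q)
    predicted = [] if s is None else dual_ec_generate(s, 4, q)
    return observed[2:], predicted


if __name__ == "__main__":
    later, guessed = demo()
    print("attacker predicted the following blocks:", later == guessed)
```

The point of the exercise is the asymmetry: a user who does not know d sees output that is indistinguishable from random under the usual elliptic-curve assumptions, while the holder of d pays only a small brute force per block and then knows every future output. Nobody outside the agency has shown that such a d exists for the Q printed in the standard; the memo the NYT describes is the reason to assume it does, and the reason the generator should not be used regardless.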

"Some of the methods involved the deployment of custom-built supercomputers to break codes, in addition to collaborating with technology companies at home and abroad to include backdoors in their products. The Snowden documents don't identify the companies that participated."

The Bullrun program, according to the documents, “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” By this year, the Times reports, the program had found ways “inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws.”

We are therefore assuming that the U.S. Government has deliberately prompted vendors to insert bugs into software solutions sold worldwide; knowledge of those flaws could then be sold on the black market for zero-day vulnerabilities, about which so much has been discussed. At that point, probably the same U.S. intelligence agencies would offer big bucks to buy back the zero-days to cover the traces of these shocking activities.

Which are the targets of the NSA?

Everyone! The imperative is global monitoring: ISPs, Internet phone-call and text services and mobile operators are privileged targets according to the papers, and I would add social media platforms. Of course, every Internet user now wants to stay far from prying eyes; the use of anonymizing networks and secure messaging systems is exploding, and Tor Metrics data show an incredible increase in the total number of Tor users.

The only certainties are that the surveillance programs will continue and that spending on monitoring activities will increase exponentially. There is another consideration to make, related to the global market for security solutions: it will be seriously impacted. The fall of trust in US security vendors could benefit other players; the equilibrium is jeopardized when trust is broken, and open source software will enjoy a new peak of popularity while waiting for the next incident.

Pierluigi Paganini

(Security Affairs – Bullrun, NSA, surveillance)



Bullrun Clipper chip cyber espionage encryption Hacking Key Provisioning Service NSA PRISM security Snowden surveillance zero-day vulnerabilities
