Newly disclosed documents show how the US National Security Agency (NSA) is winning its "war" against encryption.
According to the latest documents released by whistleblower Edward Snowden and published in the New York Times newspaper, the security agency has "circumvented or cracked much of the encryption... that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the emails, web searches, internet chats and phone calls of Americans and others around the world".
The latest revelations show that spying on internet users and activity around the world by both the US NSA and the UK's GCHQ spying agency goes much further and deeper than originally suspected when Snowden first revealed the existence of the NSA's Prism programme.
It continues: "The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents."
The programme commenced in 2000 in response to a proliferation of encryption tools and, especially, with the emergence of public key infrastructure (PKI) encryption at that time.
"The NSA invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own "back door" in all encryption, it set out to accomplish the same goal by stealth," claims the New York Times.
The organisation has built its own supercomputers for the sole purpose of cracking encryption algorithms, and working with US technology companies to build "back doors" into their products - these might include security software applications, as well as networking hardware.
The NSA has also targeted servers to capture messages before they are encrypted. According to the New York Times, some companies were coerced into handing over master encryption keys or building in back doors.
"For the past decade, NSA has led an aggressive, multi-pronged effort to break widely used internet encryption technologies," reads a leaked 2010 memo describing a briefing about NSA activities prepared for counterparts at GCHQ. "Cryptanalytic capabilities are now coming online. Vast amounts of encrypted internet data, which have up till now been discarded, are now exploitable."
The New York Times reports that the GCHQ analysts briefed on the NSA encryption-breaking programme were "gobsmacked".
The NSA's efforts have, in particular, targeted secure sockets layer (SSL) and virtual private networking (VPN) technology, widely used by companies that need to keep their communications secure - especially from rivals and the threat of industrial espionage perpetrated either by other companies or by national governments.
4G telecoms networks have also been targeted, but the status of the Advanced Encryption Standard (AES) algorithm is unclear. However, it was devised in a contest overseen by a US government agency and may be considered tainted.
[Please turn to page 2]