Tuesday, July 16, 2013

NSA in perspective, and what are we facing IT espionage wise

Keeping the NSA in Perspective | Stratfor

This is a good report. We have to not only put what NSA is doing in perspective, but also face the reality of a non-state foe, versus a state like Germany or Japan, or even a state-sponsored faction like what Russia used to attack us for so many years. Back then most of the attacks, even terrorist attacks, were sponsored by a large state, the USSR being the biggest user.

Encryption has also made a lot of changes over the years. I remember working to get clients' encryption products through NSA for an export license; the key question was whether NSA could beat the code. There is a simple test to start the process. It is called an A block: basically you make a document using all capital A's, then encrypt it and see what you get out of it. In most cases everyone will see a pattern start to show within the first line, and it then carries through, which means yes, we can break it.
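The A block test described above, as an added Python sketch that is not part of the original post. The two toy schemes, the key, and all function names are assumptions chosen for illustration: one scheme leaks a pattern in the first line, the other does not.

```python
import hashlib
from collections import Counter

def xor_repeating(plaintext: bytes, key: bytes) -> bytes:
    """Weak scheme: XOR with a short key that repeats."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))

def sha256_counter(plaintext: bytes, key: bytes) -> bytes:
    """Comparison scheme: keystream = SHA-256(key || block counter).
    Illustration only, not a vetted cipher."""
    out = bytearray()
    for n, off in enumerate(range(0, len(plaintext), 32)):
        pad = hashlib.sha256(key + n.to_bytes(8, "big")).digest()
        out.extend(p ^ k for p, k in zip(plaintext[off:off + 32], pad))
    return bytes(out)

def smallest_period(ct: bytes, max_period: int = 64):
    """Smallest p with ct[i] == ct[i + p] for every i, else None."""
    for p in range(1, min(max_period, len(ct) // 2) + 1):
        if ct[p:] == ct[:-p]:
            return p
    return None

def repeated_block_fraction(ct: bytes, block: int = 16) -> float:
    """Fraction of aligned blocks whose value occurs more than once."""
    blocks = [ct[i:i + block] for i in range(0, len(ct) - block + 1, block)]
    counts = Counter(blocks)
    return sum(c for c in counts.values() if c > 1) / len(blocks)

def a_block_test(encrypt, key: bytes, length: int = 1024) -> dict:
    """Encrypt `length` capital A's and report any visible structure."""
    ct = encrypt(b"A" * length, key)
    return {"first_line": ct[:16].hex(),
            "period": smallest_period(ct),
            "repeated_blocks": repeated_block_fraction(ct)}

if __name__ == "__main__":
    key = b"SECRET"  # constructed sample key
    for name, fn in (("xor_repeating", xor_repeating),
                     ("sha256_counter", sha256_counter)):
        print(name, a_block_test(fn, key))
```

A reported period or a non-zero repeated-block fraction is the pattern the test looks for. A clean result only means the scheme passed this first screen, not that it is strong.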

I think one of the funniest statements out there is that NSA cannot break this code or that one, the proof being that they are not saying they can. Folks, sort of the key to this whole thing is not letting the other guy know you can read his stuff. As far as whether there is code that has not been broken: there is code that has not been broken, usually because there is no need felt to do it at the moment. Some codes from WWII are still not broken, but more due to the time it would take to break a code no longer used than because it cannot be. I remember clients back in the 80's and 90's asking me to beat Microsoft Word and Excel encryption. At one point we had a short routine that just pointed us to the place in the document where the password was kept, in open text. It got a little harder, but up to the point when we stopped getting asked to break the code, it was just another piece of software we would buy as the code changed.

In many cases, the fact of encryption of a train of data passing you was the reason to pay attention to that line of text.  At that point you analyzed the beginning and end points of the data.  This would tell you who was sending it, so then you had a pretty good idea of what kind of data was being encrypted, and could make up your mind if you wanted to extend the effort to break the code. 

Without breaking any classified info, my last briefing from the alphabets made it very clear that at that point nothing out there was immune to being cracked. I keep hearing from IT types that a VPN properly set up was not breakable. The CIA has directly addressed this in the past two years, and can tell you that is not true. People can break anything. Libya, when it was taken over from its dictator, had an exposé of its code and communications capture and breaking equipment. The Wall Street Journal had a picture and listing of all the equipment they had. It was very impressive, and very state of the art.

We are not in Kansas anymore, Dorothy. Get over it.

