A new wave of U.S. National Security Agency (NSA) document leaks show the agency wasn’t able to spy on everyone thanks to some encryption tools several programs use that successfully thwart digital espionage.
German magazine Der Spiegel reported the NSA couldn’t decipher communications such as emails and online chat messages from a handful of services that use encryption beyond the NSA’s code-cracking abilities, based on documents obtained from former NSA contractor and whistleblower Edward Snowden in 2013. Der Spiegel recently analyzed NSA documents Snowden previously released to news outlets in 2013.
“[U]biquitous encryption on the Internet is a major threat to NSA’s ability to prosecute digital-network intelligence (DNI) traffic or defeat adversary malware,” an NSA employee said in an internal training document from 2012.
Programs that used OTR or off-the-record or end-to-end encryption such as the anonymous network Tor and professional software company Zoho’s email and chat services proved to be major challenges for the NSA. The agency also reported that it couldn’t break into files using TrueCrypt, a recently decommissioned open-source, whole disk-encryption service, along with other encryption tools that kept some messages unreadable.
The NSA was stumped further if users incorporated a variety of security measures, such as using Tor to connect to the internet, CSpace to send online messages and ZRTP to make phone calls. That combination made individuals nearly invisible to the NSA, Der Spiegel reported.
But the leaked documents also revealed which services provide little privacy protections. The NSA labeled the services and files such as “trivial,” “moderate” or “catastrophic” based on how easy they were to decrypt. Hacking into Facebook chats were considered “minor,” Der Spiegel reported, while getting emails through “mail.ru,” a Moscow internet service provider was a “moderate” task.