
The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say) - Cieplak
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
======
Estragon
Just started reading a history of the NSA [1], and it's very interesting.
E.g., the execution of the Rosenbergs was a travesty of due process, but the
US had secretly decrypted a message listing them as Soviet spies. Another
example, a midlevel employee of US SIGINT efforts told the KGB that the US was
capturing and decrypting basically all Russian communication, and the Russian
response was to harden their protocols (far less radio traffic, much greater
use of one-time pads, basically.) The traitor was never prosecuted, because
reporting the evidence against him would have revealed a SIGINT source.

Cryptology became the poor stepchild of US SIGINT efforts after this, because
it yielded so little useful intelligence regarding Russia. As a result, the
North Korean invasion which started the Korean war took the US completely by
surprise. The US was subsequently able to crush the invasion in part because
the North Koreans transmitted all communications in the clear, so they often
knew what NK military units were going to do before they knew themselves. It
took the US about a month to spin this capability up, though, because non-
Russian communications had been completely neglected.

This neglect burned the US again when China decided to enter the war. The US
could not believe this was happening, despite mounting SIGINT evidence, so
China again had the advantage of surprise. China actually was encrypting its
military communications in a way that the US could not decrypt (at least
initially; I haven't finished reading this section of the book) which gave
them a huge advantage in the initial engagements with US forces.

[1] [http://books.google.com/books?id=x_K2rb-
OShMC&printsec=f...](http://books.google.com/books?id=x_K2rb-
OShMC&printsec=frontcover) (Currently only $3 for the e-book!)

~~~
pooriaazimi
I knew all about it, and much more. But not by reading that book - Last month
I watched CNN's 1998 documentary about the Cold War. _ABSOLOUTELY AMAZING_. 24
episodes, each about 50 minutes. Tons of never-seen-before footage and
interviews with many of the parties involved in the Cold War (Gorbachev,
Castro, Kissinger, Reagan, H. W. Bush, and dozens of other well-informed
ministers, ambassadors, spies, soldiers and citizens)

But more importantly, it's fair. It doesn't blame Russia while praising
America or vice versa. Bot powers did dreadful things during the Cold War, and
this documentary shows them all. After watching it, now I have a very deep
respect for CNN and Ted Turner.

It's only available on VHS, and only on eBay (or used, at Amazon). If you
don't have a VHS player anymore (who has?), contact me ( _edit: for download
links, not for selling you a VHS player!_ ).

If you're interested in Cold War history and want to know more, watch this
definitive series. You won't be disappointed.

~~~
knewter
I went to contact you but don't see contact information listed on your hn
profile. I'm very interested...

~~~
pooriaazimi
Oops... pooriaazimi@gmail.com

Sorry - I thought emails are visible on HN profile.

~~~
JayNeely
There's a standing feature request to make this more apparent:
<http://news.ycombinator.com/item?id=1017933> \- help it out with an upvote.
:)

------
JonnieCache
_"According to another top official also involved with the program, the NSA
made an enormous breakthrough several years ago in its ability to
cryptanalyze, or break, unfathomably complex encryption systems employed by
not only governments around the world but also many average computer users in
the US. The upshot, according to this official: “Everybody’s a target;
everybody with communication is a target.”_

What do people think this refers to? Somebody managed to compile sslsniff, or
something more significant? Have they found a key weakness in RSA or similar?
Are they just bruteforcing all those crappy ssl certs that are floating
around? Does it refer to realtime decoding of GSM? Don't we all believe they
can do that anyway? I guess we can only speculate.

Just because I'm paranoid, doesn't mean they're not out to get me...

~~~
drostie
From the article's excitement, I would almost guess that they have a working
attack against AES, but that sounds extremely unlikely with the amount of
scrutiny AES has received. Still, AES is known to have some very clean
algebraic properties, and people have wondered since the AES competition
whether those would translate into real attacks -- perhaps the NSA has found a
way. At least, the discussions about saving data to decrypt later sounds very
suggestive of a break on either Triple DES or AES.

But I should say that you wouldn't have to break AES to break HTTPS and read
most of the encrypted conversations on the web. In late 2008 a group of
academics broke HTTPS by lifting a digital signature from a legitimately-
signed document which gave few HTTPS permissions, onto a document which gave
them arbitrary permissions. They did this by breaking the MD5 algorithm, and
it caused the community to finally excise the last of the MD5 certificates for
SHA1 certificates. But the NSA could do the same with the SHA1 algorithm's
known weakness, and could then listen in on any man-in-the-middle attack they
wanted. How complex is this? Since 2008, we've had an attack which might work
in 2^52 operations or so. For the NSA that's approximately nothing. The Cray
computer (one which we know the US government has) does roughly 2 petaflops
now, or 2^51 operations per second or 2^67 per day. So it's reasonable to
believe that, if they move from eavesdropping to active communication, they
can already break HTTPS. (There is a risk in this method, however: if someone
catches you doing this "in the wild", then they might notice and raise a big
stink about it.)

Their exaflop goal would then be 2^85/year, which would be enough to run
publicly-known attacks against Triple DES and perhaps to factor known 1024-bit
RSA moduli -- for example the Equifax Root CA is 1024 bit RSA. If you could
compromise one of those just once, you could issue certificates of your own --
and it would be extremely difficult if not impossible to detect the intrusion.
So with exaflop computing, they could seriously just spend a couple weeks
breaking an RSA-1024 modulus and launch undetectable man-in-the-middle attacks
against everyone.

It's also likely that they've got more efficient attacks than the public
researchers have, since they have access not only to the public research but
also to a set of well-paid brilliant minds who work on these problems every
day, and have been for quite some time. (It would be nice to have some
transparency and know just how far they have gotten, but of course they won't
even tell us that. I guess that's a bit of a weird question anyway, like
asking, "in the odd event that you might want to stab the Internet to death,
we would like to know: how large is the largest knife you own?")

~~~
nl
_It's also likely that they've got more efficient attacks than the public
researchers have, since they have access not only to the public research but
also to a set of well-paid brilliant minds who work on these problems every
day, and have been for quite some time._

In case people aren't aware, this isn't just hyperbole.

The story of the DES S-Boxes[1] indicates the NSA (actually IBM working with
NSA, but still) was roughly 15-20 years ahead of publicly known attack
techniques in 1990. I'd imagine the public state of the art is a bit closer
now, but there is little doubt they have a big lead.

[1]
[http://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.27...](http://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.27s_involvement_in_the_design)

~~~
dhx
There were few reasons for mainstream adoption of cryptography in the early
90's. On-line commerce and communication barely existed. Thus little motive
existed for public cryptography research and development. By comparison,
militaries of the world had decades of experience. Battles had been won and
lost because of cryptography.

The cypherpunk movement[1] of the 90's and gradual push towards mass adoption
of cryptography for on-line commerce led to the NSA attempting to introduce
key escrow via the clipper chip[2] (to enable backdoor access to crypto
systems). This plan suffered a quick demise, hastened in part by a serious
vulnerability in the scheme being identified by Matt Blaze in '94.

The rate of progress of this movement raised a lot of eyebrows. Crypto
currencies were discussed and demonstrated. Julian Assange (and others)
demonstrated Rubberhose FS (a deniable encryption system). And if that wasn't
extreme enough, Jim Bell started a conversation about the application of
cryptography to anonymous crowd-sourced political assassinations (!)...

It should be fairly obvious to see why the NSA (and more widely, the US
government) had concerns. These concerns are still valid today with dual-use
crypto-anarchy[3] technology such as Tor and Bitcoin being in common use. One
side may be trying to prevent this technology being used by Mexican drug
cartels, smugglers, etc. The other side sees greater merit in ensuring that
populations in Syria, Iran, China, etc can bypass government censorship.

It's well worth reading about this era of computing history and all the well
known names that were involved[4]. The insight gained will help with forming
opinions on current topics, ensuring that both sides of arguments and all
consequences are considered.

In summary, I think it'd be fair to say that mainstream reliance on strong
cryptography has dwarfed military usage for a number of years now. The threat
is also significantly higher to public/commercial entities because a failure
of crypto systems in banking, stock exchange, news and on-line commerce could
destroy economies. A break of AES, RSA, etc would primarily be kept secret to
prevent economies from collapsing -- not so much to maintain an ability to
decrypt meaningless chitter-chatter between millions of ordinary people.

[1] <https://en.wikipedia.org/wiki/Cypherpunk>

[2] <https://en.wikipedia.org/wiki/Clipper_chip>

[3] <https://en.wikipedia.org/wiki/Crypto-anarchism>

[4]
[https://en.wikipedia.org/wiki/Cypherpunk#Noteworthy_cypherpu...](https://en.wikipedia.org/wiki/Cypherpunk#Noteworthy_cypherpunks)

------
drostie
Bruce Schneier at this year's RSA conference:

"I think in the coming decade, the real threats to the Internet don't come
from the Bad Guys, they don't come from the criminals or the hackers, they
come from politics and they come from economics, and that's really what I want
to spend time talking about at RSA this year."

[http://365.rsaconference.com/community/connect/blog/2012/02/...](http://365.rsaconference.com/community/connect/blog/2012/02/24/rsac2012-podcast-
exp-107-new-threats-to-the-internet-infrastructure)

~~~
pentae
And spoken not 50ft from the NSA/FBI/CIA booths attending the conference ..

------
iterationx
NPR said they are building it there because Utah has the most linguistically
talented population in the country due to Mormon missionary work. eBay is
building a call center there for the same reason.

~~~
Osiris
As a Mormon who attended BYU in Provo, Utah, I can attest that a very large
percentage of the young male population is not only bilingual in common and
uncommon languages, but there's a deep sense of patriotism. Universities in
Utah are heavily recruited for law enforcement (FBI) and foreign service.

I agree that most of the reason for the Utah location is probably cost, but
the demographics are also very unique (and yes, fairly homogeneous as well).

~~~
vixen99
As with being pregnant, either unique or not.

~~~
Osiris
I'm trying to decide if I should be insulted or not. Is the comment stating
that the stereotype is that Mormon women are frequently pregnant? I'm not sure
what point you're trying to make.

edit: Thanks for the clarifying comments, I didn't catch that the comment was
referring to the grammer.

~~~
mryan
To quote an English comedy show: "One can not have gradations of uniqueness. A
thing either is, or is not, unique". I believe he is commenting on your use of
the term "very unique".

------
cypherpunks01
HN best practice - link to the non-paginated "View All" page if available:
[http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/al...](http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1)

~~~
nl
I strongly disagree with this.

Wired's articles are reasonably paged, and the complete article is very long.
On many devices (eg phones) long pages don't always render well. Additionally,
a publication like Wired deserves the page views for the good article.

It is different for publications that only have a paragraph per page.

TL;dr: there is no HN best practice.

~~~
javert
If a site doesn't want to allow people to "view on one page," they can disable
that feature.

I think going through multiple pages is a huge PITA, even in the case of
Wired. And I think your "many devices" point is probably too much of a corner
case to matter.

~~~
obtu
> If a site doesn't want to allow people to "view on one page," they can
> disable that feature.

That's not something I'd want to encourage. Whenever the pagination isn't
excessive, I'd link to the permalink the site gives, and let users fetch the
full article if they so wish.

------
forgottenpaswrd
This is very dangerous, we know that there are few levels of separation
between people: <http://en.wikipedia.org/wiki/Six_degrees_of_separation>

We also know that there is a very few people that connect people together, the
social "hubs".

What totalitarian regimes(Mussolini, Hitler, Stalin, Pol Pot, Kim Jol Il) did
was identify those hubs an exterminate them(at first they can't kill them so
putting them in jail is enough), and replacing them with puppets, eventually
changing society overnight.

It is too risky having someone storing every single communication between
people(including cell phone calls). They will understand what you say(a la
Siri) and text analyze it and search display it on graphs. With facebook and
cell phone connections they have everything to know more about yourself that
you know thyself.

When the US debt bubble explodes(that will happen in less than 5 years) and
people loose a significant part of their savings and get angry about the
status quo I don't know what is going to happen.

The US is becoming more and more of a totalitarian state day after day.

------
moo
I hear Yakov Smirnoff is going to return to Russia and tell jokes about how
bad the police state is in the U.S.

------
Cieplak
> the NSA made an enormous breakthrough several years ago in its ability to
> cryptanalyze, or break, unfathomably complex encryption systems

What does this entail?

~~~
drucken
From the article, and the premise that massive computing power is being
created and required anyway, it sounds much more like a weakness at AES
128-bit that is only practical for a government agency.

It also sounds that they discovered it before 2008, due to the jump in
resource timing, i.e. less than 10 years after AES.

~~~
pm90
Well, at least there's no doubt that they have unimaginably large computing
power... You can also hear many scientists from national labs hinting to that
effect in talks that are publicly available.

~~~
javert
_hinting to that effect_

hinting to what affect? Having a way to brute force 128-bit AES, or just
having large computing power?

~~~
pm90
I meant the large computing power part

------
euroclydon
So the quickest way to cure cancer would be to come up with a new encryption
scheme, where the byproduct of brute force cracking it would be simulating the
effects of genomics mutations?

------
DanBC
People good at math, or data mining, or etc might enjoy working for GCHQ. I
assume they'd enjoy working for NSA.

There's a bunch of very smart people, with interesting tech, and, uh, low pay.

I don't know about NSA but GCHQ is subject to a lot of oversight; breaking
laws would be problematic. Laws get written with specific exclusions for GCHQ.
And there are creative methods to evade other laws - US in theory cannot spy
on its citizens so they team with UK and ask us to do it for them.

~~~
munin
FYI: <http://www.nsa.gov/about/faqs/oversight.shtml#oversight5>

------
conover
More pictures:

<http://www.cryptome.org/2012-info/nsa-utah/nsa-utah.htm>

------
dmfdmf
This new site doesn't just happen to be located near a couple of internet
backbones?

------
pgroves
If this will be one of the most powerful encryption-cracking facility in the
world, can we just set our key strength based on it's computing power? So if
they end up being able to crack 1024 bit keys, can we just set our keys to
2048 and be ok? And then when they upgrade, everyone goes to 4096?

I'm not a security expert (obviously), so maybe I'm wrong, but in general I
don't see how they'll be able to build new monster computing facilities as
fast as consumer hardware can be upgraded to use slightly stronger encryption.

------
eliasmacpherson
If they are actively logging communications for future decryption due to
predicted increased computational power, and the allegations of them leaking
confidential communications to US firms to gain competitive advantage are
true:

Then this is another argument against (foreign/multinational) businesses
conducting anything sensitive in the cloud, even if it is encrypted end to end
and stored encrypted. Particularly for information that the businesses want to
keep indecipherable for many years.

------
rdssassin
Submitting application.

~~~
ImprovedSilence
haha. I hear they pay pretty well too.

edit: why the downvotes? I'm not trollin, they actually pay a percentage above
the standard govt pay scale.

~~~
CamperBob
If they weren't using all that power to spy on US citizens, it might be a bit
more palatable. You can make a case for being nosy when it comes to people who
aren't covered by our own Constitutional guarantees, but when it comes to US
citizens, due process is something I consider awfully important. (And no,
"national security letters" are not what I consider due process.)

Obviously not everything the NSA does is a problem from a Constitutional
standpoint, but still... the odds of being ordered to do something I would
find grossly unethical are too high for me to want to work there.

Worse still, I could see myself modifying my own ethics over time for the sake
of staying in my employer's good graces. How many people can honestly say they
would never fall prey to that temptation?

A shame, too, because I'll bet they still have some of the coolest toys
around, even in the present age of commoditized supercomputing.

~~~
rdl
The NSA is relatively careful not to do blanket spying on US citizens, at
least not directly, outside of specific legally approved programs (the NSLs,
combatants, those engaged in communications with a foreign power, etc.). I
agree the NSA and military/intelligence overreaches, but the people within NSA
do make some effort to obey the law. The right place to change this is with
the legislature (and judiciary) -- if there were stronger laws against
domestic spying, the NSA would follow them.

It's also quite reasonable (and I'd say honorable) to not work for them, if
you think either they're doing something immoral, or it would negatively
affect you. I support a lot of the NSA's mission (cyber defense for the US and
USG, specific international activity against enemies of the US), but certainly
would like to see greater privacy protections in the US, and to protect
private citizens (vs. governments) globally.

~~~
sneak
The problem, Ryan, is that when you have a huge super-secretive military
government organization whose people "make some effort to obey the law",
there's absolutely nothing stopping them from, one day, with no fanfare,
choosing to start ignoring the law when and where convenient.

There are no checks or balances on their power and the potential abuse
thereof. They operate in a legal vacuum, with carte blanche to do whatever
they decide is necessary. Even THEIR BUDGET is classified information. We're
not even allowed to know how many tax dollars they're spending to do illegal
shit they're not telling us about.

You can support their mission 100% (I do), and still think that they should be
entirely disbanded for this reason alone.

Only criminals would operate in this sort of LEGAL environment.

~~~
count
You've obviously never worked for a government agency if you think anything
could 'just happen' one day. It's hard enough to get things done that you ARE
legally allowed to do, let alone anything remotely questionable.

~~~
sneak
I think you're confusing government agencies that have oversight of some kind
with those that operate unchecked, like the military intelligence services
(NSA, CIA, etc).

They have decades-long histories of doing illegal shit.

[http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_co...](http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy)

~~~
count
At no point did I say they weren't doing anything illegal. Just that it
doesn't 'suddenly happen'. They're huge, and very, very slow moving.

------
bgilroy26
Interesting historical comparison (865 days ago)

<http://news.ycombinator.com/item?id=915971>

------
grandalf
What does the NSA actually do?

~~~
shingen
Tap -> Acquire -> Store -> Manipulate -> Analyze -> Supply

------
kfcm
Obligatory:

<http://xkcd.com/538/>

------
drivebyacct2
This makes me sick inside. Like it is futilely depressing to my core. I've
been trying to fight the government wiretapping and invading citizen privacy
since I was a sophomore in highschool.

By time people give a fuck, it's going to be too late.

~~~
tokenadult
I'm older than you are, evidently. Over the years, as I've read literature
from various eras and traveled to various places, I've learned that people can
feel under more constant surveillance, and BE under more constant
surveillance, in a small, isolated town or village than as citizens of a
modern high-technology state. And yet in 1989 people in several parts of
central Europe rose up for freedom--courageously doing so even after the
Tian'anmen Square Massacre was a worldwide news story--and defeated the secret
police organizations of totalitarian dictatorships. You can still fight for
freedom. That takes courage, but you'll find the courage if freedom means that
much to you. I'm wondering when the tens of thousands of local uprisings that
China reports each year in its official press will coalesce into a national
movement for freedom.

~~~
Create
nonsense.

 _1989 people in several parts of central Europe rose up for freedom--
courageously_

there was no need to rise up in central Europe: the regime collapsed by
itself, primarily for financial reasons. The countries were surveyed by the
West years before, and given IMF loans. The rest in 89 was literally a show,
albeit not in theatres but on screens. the regimes just morphed, like now in
China.

------
ObnoxiousJul
Good news. The more resource spent on electronical intelligence the less money
spent on human intelligence. And since humint has proven to be far more
efficient, praise the experts for taking the wrong decisions.

------
wavephorm
Remember all those HN users that were deriding me for saying the US is
becoming a fascist authoritarian regime... yeah I wasn't just making stuff up.

------
hendrix
Politicians can and do dictate the law these days, but they can't dictate
economics. If the NSA/CIA/Government pulls too much shit the smart people and
business will leave. Also, Mormonism is a cult.

~~~
Cieplak
I think the govt has already broken quite a few of its own rules, yet smart
people from around the world flock to Google, MIT, and the like. National
security letters, the Patriot Act, illicit war.

I would love to live in Berlin, but my family is here in the states, and the
NSA would still intercept my communications in Germany, anyway.

~~~
mjwalshe
And your point is? anyone working in ML and AI knows where large amounts of
funding comes from - this was true 30 years ago just as much so today.

------
alexqgb
All your mails are belong to us.

------
freestyler_1
_sends virus to tap just opened NSA data center_

Because tapping the biggest tapper is ironic. (not that I will do that/can)

