

NSA’s Internet taps can find systems to hack, track VPNs and Word docs - shawndumas
http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/

======
ohnoesitsthensa
Who wants to bet they can snapshot an instance on AWS and then boot it up on
their own cloud?

~~~
flyt
I'll take that bet.

~~~
hobs
I would too, being able to tap a stream of traffic and being able to pick an
instance and boot it?

I think they are way out of bounds but they are not god.

------
junto

       "Show me all the VPN startups in country X, and give me
        the data so I can decrypt and discover users."
    

Can someone explain this bit to me please? I read this as:

    
    
      1) The NSA have a list of companies (grouped by country),
         which analysts can 'target' for further inspection.
      2) The NSA can 'decrypt' that encrypted data.
      3) The NSA can 'discover' users.
    

2) and 3) are weird and scary. This suggests that VPN traffic is not secure at
all. It also suggests that they can target specific users exiting at that VPN
provider. There is nothing stated about restrictions on _particular_ VPN
protocols, suggesting that all are decryptable. Hence, OpenVPN could also be
as vulnerable as PPTP and L2TP/IPsec.

To me this suggests that VPNs provide no privacy value against NSA spying.

How have other people interpreted this slide?

~~~
thepacketrat
By VPN startups, they mean initiation of a VPN session. Specifically, this
means they can grab the credentials at the beginning of a PPTP VPN session,
and then decrypt it. PPTP has been known to be vulnerable to this sort of
attack for some time.

