Banking security algorithms compromised

Ian Rogers
Western security services have undermined "the major tools protecting the privacy of everyday communications in the internet age", including in banking transactions, newly disclosed documents from a media consortium show.

The National Security Agency, in the US, and the Government Communications Headquarters, in the UK, "have capabilities against specific network security technologies", a "top secret" briefing document published by ProPublica states. The Defence Signals Directorate in Australia is also privy to the program.

The security services have achieved a number of "successes" with their methods, which are presumably directed toward counter-terrorism efforts rather than commercial snooping.

Edward Snowden, a notorious whistleblower, is the source of the documents, which were reported over the weekend by The Guardian and The New York Times newspapers, along with ProPublica.

Banks and internet service providers in Australia routinely employ the style of security that the disclosures suggest is now compromised.

Commonwealth Bank, for example, in its product disclosure statement for its CommBiz service for businesses, states that "all the data sent to and from your computer is encrypted using industry-standard 128-bit Secure Socket Layer encryption technology."

The briefings published by ProPublica state that "the various types of security covered include TLS/SSL [ie, Secure Socket Layer] and https (eg, webmail)." Virtual private networks used by many companies, including banks, are also covered.

These technologies "can be exploited" the briefing states, though the actual methods are not mentioned.

These methods may include brute-force attacks "using supercomputers, technical trickery, court orders and behind-the-scenes persuasion," ProPublica reports.

For example, a 2010 UK briefing stated: "Vast amounts of encrypted internet data are now exploitable." And a separate British memo said: "Those not already briefed were gobsmacked."

According to ProPublica, "the NSA has worked with American and foreign tech companies to introduce weaknesses into commercial encryption products, allowing backdoor access to data."

The Guardian also reported that intelligence agencies "collaborated with technology companies and internet service providers."

The UK newspaper reported that "through these covert partnerships, the agencies have inserted secret vulnerabilities - known as backdoors or trapdoors - into commercial encryption software."

The New York Times reported the agencies "began collaborating with technology companies in the United States and abroad to build entry points into their products."

"In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door."