On the new Snowden documents (cryptographyengineering.com)
199 points by donmcc on Dec 30, 2014 | 27 comments



Snowden pretty much had root - he had access to more or less everything that wasn't airgapped, including things the NSA wasn't supposed to have direct access to as part of their data-sharing agreements. (Of course, some ECIs presumably are airgapped - but much less than you probably expect these days.)

Not everything is being published, however. There are details from GCHQ STRAP3 (location of individual listening sites) but only STRAP2 documents, and all details of personnel and telephone numbers have been redacted by the journalists (perhaps a little too broadly - for example as in the GCHQ "refer requests for disclosure to" telephone number, you could actually Google it! I think they know by now, however <g>). Snowden wanted to end mass surveillance and sabotage of public security products; not reveal their cryptanalytic advantage to targets. It's the journalists who are doing most of the selection, I gather - but they've seen the whole haul, including what is not being published, and the picture is consistent, though (yes) incomplete.

My impression has been for some time that their cryptanalytic advantage is not actually vast, but their operational resources truly are. Throwing money at things doesn't magically give you breaks to the DLP - but it totally can buy you computing resources that can break 1024-bit Diffie-Hellman. (It mentions Cavium cores - suggesting large, parallel RSA/DH-optimised multipliers were on their HPC shopping list. They are much faster at 1024-bit than higher.) It can buy you insiders, or let you conduct operations that threaten or coerce insiders, or conduct astroturfing campaigns to frighten people away from encryption you can't break, or further the goals of your agency (which do not necessarily align with the government paying your way - it's not so much "oversight" as "don't get caught doing anything you shouldn't"). You can throw (a lot of) money at military contractors and hope some malware-by-committee comes out that you can use to hack anyone that looks interesting, grab intelligence or keys, or any of the above. And they typically attack from every angle at once.

My take on the HPC resources is that they're mostly used as brute force CPU/GPU power for low-entropy situations - anything where passwords are involved may be vulnerable. Email an encrypted DOC, ZIP or RAR file to someone? They're going to at least try it as a matter of course, even en masse, but they're not going to give it much juice unless you're tasked.

Money can't give you magic. However you very, very rarely need magic.


Ed had root, but I don't think he took everything. Moreover, some of the news orgs were intimidated into destroying their copies both before and after the release started. I don't think the news orgs know everything.

It doesn't take away from your larger point, but we can't presume they know more than they've published. They probably do, but we don't know what they know and what they don't (either because it was omitted or destroyed).


One thing to keep in mind.

It's inherently dangerous to assume that NSA doesn't pay much attention to the breaking of fundamental crypto math based on these documents.

If they did find a practical weakness in RSA and such, I think it's safe to assume it would be assigned the highest level of secrecy and simply won't be in range of Snowden's document sweep.


This seems to be a recurring argument: they have RSA breaking magic sauce in a safe in a bunker in a fort.

If they do indeed - surely they would at least employ it in the backend to decrypt data? The documents we are seeing are geared towards analysts and provided from the groups implementing various attacks/capturing/decryption functionality. They wouldn't even have to reveal anything - just "give us data, we'll send you back decrypted results". Yet they frequently set rather low expectations for decryption. And then there's the organizational question. Why have groups targeting VPNs, IPSec, HTTPS etc. when breaking RSA gives you a golden key to any of these?

What I'm saying is these arguments routinely devolve into "it's so secret, they can't tell their own employees or analysts and they can't use it for the capability could be leaked". At that point the consequence is that the magic RSA breaking sauce becomes pointless as you can't use it, certainly not for the objective the NSA has spent the last decade on: capture everything.


I see it like the judicious use of signals intelligence in WWII. If you use it for everything, you risk tipping the enemy off that their crypto is broken. You have to balance the benefit from the inherent knowledge leak from using it.

I'm not saying they have it, but if they had it, they would be foolish to use it all over instead of only on key targets.


> This seems to be a recurring argument: they have RSA breaking magic sauce in a safe in a bunker in a fort.

That's not what I said. Don't make shit up.

I said that one cannot rule out NSA sitting on an RSA weakness merely because it's not mentioned in the Snowden document dump.


The biggest surprise I took away from the Manning and Snowden revelations was that the "Need to Know" principle is no longer part of the US security community's playbook. Every government and military computer apparently contains everything from nuclear launch codes to the stats of Obama's fantasy sports teams, never mind whether the operator of said computer has any business accessing such information.

The very fact that these low-level staffers were able to do as much damage as they're credited with should have been enough to force a house-cleaning of every affected agency, from the top down.


Snowden was low-level, but he was basically an admin doing migration to a new system. His job description required the access he was given.

Additionally, one of the lessons learned from the 9/11 attacks was that keeping data too "Need to Know" might prevent people who actually need to know information from knowing about it.


I'd recommend you read Greenwald's book, "No Place to Hide". Snowden was not exactly "low-level", he was in training for operations. He backed down to a low-level position by choice when he wanted greater access to documents. He even took a pay cut to do so.


This has been made worse by the fact that they classify almost everything as secret now - while at the same time they still have to show many others those documents. When doing that even labeling stuff as "top secret" tends to be done a lot more often (when it's not necessary), which only dilutes the secrecy of the real top secret stuff, mixing that together with the less top secret stuff, and making it just as easy to be leaked and/or shared.

When you have 10,000 documents labeled "top secret", instead of just 100, who really knows what's really important from that list, and doesn't need to be "as shared" anymore?


Overall I'd like to commend the writer of this document on what has been by far the most neutral writing I've ever seen on this topic. The writer still takes jabs at the NSA here and there (NSA and Tor, for example), but generally the tone is very neutral.


I think part of the reason for this is that his audience hardly need convincing at this point. If you're a software-security-enthusiast you'll want to know how security is being broken regardless if it's ethical or not. If for no other reason than to know how to make stronger security in the future. If you are a Snowden-supporter you don't need convincing. If you're just a security-aware "regular" person, you'll also be interested in what is and isn't broken in the world of encryption. If you don't care about any of this, like most of my family, you won't be reading this article. If you're still anti-Snowden and/or pro-NSA after all the stuff that has come out then you're probably hardcore/immovable in your position and you believe deep down that foreign terrorists are plentiful and out to destroy USA - in which case, this author can do nothing to convince you otherwise.


There are plenty of people out there who aren't paranoid xenophobes that think what Snowden did was wrong. I think Marc Andreessen and Benedict Evans from a16z are probably two names most HN readers would recognize. Edward Lucas (a reporter for the Economist) does a pretty decent job making a case against Snowden in his book The Snowden Operation.

http://www.amazon.com/The-Snowden-Operation-Greatest-Intelli...


I'm not sure I want to engage in a debate about Snowden's actions at this stage of the game but that book's introduction seems to fit my description of a pro-NSA / anti-Snowden person. At least the opening paragraphs. It's up to the rest of HN to read that intro and see if they disagree with me and see something else in those words that I'm not seeing.

EDIT: I will acknowledge that the paragraph starting with "This book is not based on complacency about the status quo" does indicate, at least to me, that he's not 100% anti-Snowden though. Perhaps I could grossly, and only based on the intro, paraphrase his opinion as "Snowden just took things a bit too far". I can see that as a reasonable position to take. Even I don't think USA should just shut down all secretive intelligence and pretend that there are zero terrorists.


> If you're still anti-Snowden and/or pro-NSA after all the stuff that has come out then ... you believe deep down that foreign terrorists are plentiful and out to destroy USA.

I was taking issue with that bit. There are good reasons to think what Snowden did was wrong that don't involve paranoia about "plentiful" terrorists. You could, for example, draw a distinction between responsible whistleblowing and irresponsibly fleeing to a foreign country with literally thousands of classified documents.


You know that "responsible whistleblowing" has failed multiple times in the past, right? Anybody who is upset with Snowden for not repeating the same pattern that failed to change anything, except the destruction of the whistleblower's life, is either unfamiliar with history or just completely illogical.


>>You could, for example, draw a distinction between responsible whistleblowing and irresponsibly fleeing to a foreign country with literally thousands of classified documents.

Ah, okay then. This position is completely reasonable.


I don't see why I can't be in shock and horror at what the NSA has been doing with my private data while at the same time not be in support of the way I found out about it.


I find the story very telling. The NSA is one of the largest employers of mathematicians, and yet it appears that the NSA has had more success simply by using backdoors.

I have to wonder if academic progress (like defeating cryptographic algorithms) can be achieved under a climate of secrecy. Without the free exchange of ideas and knowledge, how much progress can be had?


Math can only get so far... for example, RSA keys have a brute force weakness... 25% of the keys can be brute force guessed if you do not worry about validating primes when using one of five methods for guessing primes and just rely on huge computation power... hence US gov entities in 2010 suggesting the move to other key systems.

Whereas the new key system relies on hardening of packaging to offset any flaws in the one-way functions.


I wonder why the writer claims the recommendations of the presidential review council have been "largely disregarded". Do we know that's the case?


> During the period in question, we know of at least one vulnerability (Heartbleed) that could have been used to extract private keys from software TLS implementations. There are still other, unreported vulnerabilities that could be used today.

His analysis that there are unreported vulnerabilities in TLS implementations sounds definitive enough to think he knows some of these vulnerabilities.


Not at all. Given the history of TLS implementations, I would call "There are exploitable vulnerabilities" the null hypothesis, and require extraordinary proof that a particular TLS implementation doesn't have vulnerabilities.


Perhaps, but this is an academic security researcher we are talking about. To generalise massively, academics are very deliberate and conservative in their language.

If he wasn't aware of at least one unreported exploitable vulnerability then I would expect him to say "There are almost certainly still other, unreported vulnerabilities".


I don't think the crypto engineering blog is where Prof. Green publishes his very conservative academic writing. It's a blog, not a refereed paper.


His academic communication mostly happens on Twitter.


As an academic, he has probably verified that the underlying algorithms are as sound as claimed. Problems like Heartbleed come from implementation errors. Implementations are very prone to error, so there are almost certainly still other, unreported vulnerabilities.

From the article, it would seem that side-stepping this, and going directly for the routers, or even the employees, is more efficient in actually circumventing encryption than hunting for vulnerabilities in encryption implementations.



