NSA is accused to be spying on the people for years. In a recent article, NewYork Times describes the strategies by NSA on the exploitation of the implementation flaws in some of the popular crypto products. It also discusses about the cases of NSA made companies to insert backdoors into the products and thus weakening the public encryption standards.
It might be right from a national security perspective, but not from a people perspective. Now that it is disclosed, I am sure that we will see a number of encryption algorithms resurrect in the coming months and years. Every country might end up having their own encryption methods and products to protect the data eventually leading to lack of interoperability and ensuring security.
Who else knew about it other than NSA
The most important question now is “Who else knew about the weaknesses in the crypto products?” Like NSA, have they used it as well? What about the producers of these products? How did these vendors ensured that their employees who knew about the requirements did not sell this to the Chinese and Russian hackers?
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.
The NSA is created to intercept communications and it appears that a large amount of budget is allocated for their efforts. As part of this, it is only common sense to assume that they do all possible acts to intercept communications, whether encrypted or not.
The spys (of others) within NSA, if any, might also have had access to this information. If you the world knows that there are weaknesses in the crypto products, nations will spend a lot to find it. Who knows, by now powers like China and Russia might have already built capabilities to use the backdoors setup by NSA?