The NSA Probably Broke Skype’s Crypto In 2007 — And Lied To The Germans About It

Four years before Skype was added to the PRISM program in 2011 [1], the NSA almost certainly had broken the cryptography protecting the once-believed-secure chat program.

This comes out of a slew of documents which Der Spiegel released on the NSA’s activities in Germany — Cryptome has a PDF of all 200+ documents in one convenient place [2]. It turns out that nowhere in Europe is the NSA as active as in Germany [3], a point which I’ve made here before.

(They even have an amusing interview [4] with a former Stasi agent, who was involved in the Stasi’s fairly successful efforts to spy on the NSA. He explains that even back then, the NSA eagerly spied on their West German “partners” while not giving them a lot of information in return.)

The Skype revelation comes indirectly from a document meant to prepare NSA personnel for a meeting between the NSA and the German intelligence services [5]. (Other people have noticed the implications of this wording as well [6] but misread the date on the document.)

Talking about “potential landmines,” a paragraph classified TOP SECRET // SIGNALS INTELLIGENCE // NO FOREIGNERS explains that “The Germans may bring up the subject of Skye. NSA’s response has been that it has some success working SKYPE via tailored access at the end point […] Should the partner raise this issue again, recommend that NSA once again redirects them to FBI and CIA.”

So, where’s the beef?

Those of you who are familiar with the world of secret-keeping will notice the implied lie here… “NSA’s response has been” — in other words, “regardless of whether you know different, here’s what the truth is as far as the Germans are concerned.”

The closing sentence, suggesting the Germans be redirected to other agencies without the NSA’s crypto-capabilities, all but confirms this reading. After all, if the NSA was not trying to hide a break in Skype from its “partners,” it would be happy to collaborate (since perhaps the Germans would be able to contribute expertise).

Instead the NSA wants to keep its “partners” as far away from its Skype-interception capabilities as possible… starting with a bullshit story about how the NSA can only access Skype by hacking endpoints.

As I’ve noted before, cryptanalytic capability is one of the most if not the most closely guarded ḱind of secret in the signals intelligence business.

[1]
https://image.guim.co.uk/sys-images/Observer/Columnist/Columnists/2013/6/13/1371134730206/prism-timeline-010.jpg

[2]
http://cryptome.org/2014/06/nsa-spiegel-snowden-14-0618.pdf

[3]
http://www.spiegel.de/international/germany/new-snowden-revelations-on-nsa-spying-in-germany-a-975441.html

[4]
http://www.spiegel.de/international/germany/interview-with-former-stasi-agent-about-the-nsa-a-975010.html#r

[5]
http://www.spiegel.de/media/media-34046.pdf

[6]
https://twitter.com/puellavulnerata/status/479294559701434368

Advertisements
%d bloggers like this: