Australia’s electronic espionage agency is a partner in a massive United States-led assault on internet security and privacy, according to top secret documents disclosed by former US intelligence contractor Edward Snowden.
The German Der Spiegel magazine has published new disclosures of signals intelligence cooperation between the United States and its “5-eyes” partners – the United Kingdom, Canada, Australia and New Zealand – revealing that the secret agencies have broken most widely-used forms of internet encryption.
Many of the leaked documents are classified top secret, “COMINT” (communications intelligence) and releasable only to “5-eyes” agencies – the US National Security Agency (NSA), the Australian Signals Directorate (ASD), the United Kingdom’s Government Communications Headquarters, Canada’s Communications Security Establishment and New Zealand’s Government Communications Security Bureau.
Intensive efforts to overcome what is described as the “major threat” of “ubiquitous encryption” on the internet have been regularly discussed at top secret “SIGDEV” (signals intelligence development) conferences between the “5-eyes” agencies.
The leaked documents show the NSA and its allies routinely intercept supposedly secure Hypertext Transfer Protocol Secure (HTTPS) connections used for internet applications including banking and financial services, e-commerce or accessing webmail accounts. According to one top secret document, the NSA planned to crack 10 million intercepted HTTPS connections a day by late 2012 with a particular focus on “password based encryption systems”.
Other priority intelligence targets are virtual private networks (VPNs), which are used by companies and organisations operating from multiple offices and locations. NSA and its partners operate a large-scale VPN exploitation project to intercept the data exchanged inside VPNs. Examples of successful interception cited in the leaked documents include government networks in Afghanistan, Greece, Pakistan and Turkey as well as a Russian telecommunications company.
According to a 2013 NSA document leaked by Mr Snowden and previously revealed by The New York Times, the ASD obtained nearly 1.8 million encrypted master keys, used to protect private communications, from the Telkomsel Mobile network in Indonesia, and developed a way to decrypt almost all of them.
Another supposedly secure system accessed by the NSA and its partners is Skype, which is widely used to conduct internet video chat. The newly leaked documents show Skype has been successfully intercepted since at least February 2011.
Although the NSA and its partners including the ASD are lead government agencies promoting and strengthening internet security, the documents show they are simultaneously and covertly seeking to weaken encryption standards and modify commercially available IT security systems and devices to “make them more exploitable”.
The NSA documents show some forms of encryption continue to pose difficulties for “5-eyes” intelligence capabilities, even with the employment of the world’s most advanced supercomputers to decrypt internet traffic.
Which tools the spies can’t crack
The Tor network, which was developed for surfing the web anonymously, is considered to be a “major” problem, as is TrueCrypt, a program for encrypting files on computers. A combination of Tor, the instant messaging system CSpace, and a system for internet telephony called ZRTP is categorised as “catastrophic” for the NSA and its partners, resulting in a “near-total loss/lack of insight to target communications”.
The newly released documents show that NSA and its partners were tracking and frustrated by increasing use of advanced encryption systems by terrorist networks long before Mr Snowden’s disclosures of “5-eyes” capabilities in 2013.
The Australian government has repeatedly refused to comment on specific disclosures from the documents leaked by Mr Snowden. However, federal Attorney-General George Brandis has called Mr Snowden “an American traitor”.
Australia’s new national security laws criminalising any disclosure or publication of details of “special intelligence operations” by the Australian Security Intelligence Organisation or “ASIO affiliates” are intended to prevent any similar leaks by “trusted insiders” within the Australian intelligence community.