IP Communications Featured Articles
Did the NSA Crack UN Video Conferencing Security?
September 05, 2013
By Steve Anderson, Contributing TMCnet Writer
The issue of security is a hot-button issue in technology these days, especially in light of the recent PRISM affair and continued revelations of government surveillance activities the world over. But one particularly thorny issue has emerged—one that's thorny for several reasons—as some are asking if the United States' National Security Agency (NSA) managed to break into the United Nations' (UN) video conferencing security system.
The reports have emerged from German magazine “Der Spiegel,” and connect to documents released by former NSA contractor Edward Snowden. The documents in question indicate that the NSA managed to decode the security around the UN's New York headquarters' video conferencing system, which in turn allowed the NSA to “dramatically increase” data gathered from video conferences, as the total number of decrypted communications at the UN went from just 12 to 458 in just three weeks. Reports also suggest that the Chinese at least attempted to do likewise, though the success of that enterprise is, as yet, unknown.
There are, however, other potential explanations for what occurred than the NSA hacking the UN. Under normal conditions, video conferencing can be very secure, assuming a number of security protocols are carefully followed, like the use of strong passwords that are regularly changed. Estimates indicate that the time required for even a supercomputer to launch a brute-force attack on a video conferencing system—commonly using a 128-bit encryption key generated automatically at the start of a session--measures into the billions of billions of years. Given that some estimates of the age of the entire universe suggest it's only 13.75 billion years old, the chances of the NSA successfully hacking a 128-bit encryption key are somewhat low. Considering that this security measure is just one of several, including device-level keys and password keys, only brings the likelihood down even further.
Yet, it is entirely possible that the NSA gained access thanks to other methods that are less familiar, and less considered than the alternative. Several “user-introduced weaknesses” can come into play here, including users turning off the encryption features on video systems, using old systems that don't support the 128-bit encryption key, or connecting to other devices that don't support the encryption system. What's more, it's also possible to compromise the video systems, as many of these systems are designed to be used remotely. This makes for a potential point of access for those who want to break in. It's also possible, if unlikely, that hacked firmware could have been uploaded to video systems that allowed for a back-door access scheme.
Essentially, it's entirely possible that the NSA could have found a way in, thanks to the technological equivalent of an improperly-locked door. There are several methods involved here that are much more likely than breaking 128-bit encryption systems, many of which come into play in a variety of other systems from e-mail to cloud storage.
Just what the NSA actually managed to pull off here is unclear, but the overall thrust—that it found a way into the video conferencing systems at the UN—is actually more likely than some may think, if it were done a particular way. Indeed, the old aphorism holds true: what one can lock, another can unlock, and even video systems can be accessed under the right conditions. Yet these conditions are the kind that many can protect against, and feature tactics that should be used every day.
Edited by Blaise McNamee
IP Communications Testimonials
J. Wright - The Campaign Center, INC