The UK's communications intelligency agency GCHQ recruited "covert agents" from within the telecommunications industry to make it easier to decrypt secure Internet traffic, according to new reports from The Guardian, New York Times and US website ProPublica.
The allegation is the latest to derive from documents leaked by former NSA IT contractor Edward Snowden. The latest batch of documents, the newspapers claim, reveal a systematic campaign to circumvent basic Internet security defences by US and UK intelligence forces.
The NSA operates of $250 million progamme called Bullrun who's aim is to counter attempts to encrypt data sent over the Internet, The Guardian reported yesterday. The NSA documements describe Bullrun as “the price of admission for the US to maintain unrestricted access to and use of cyberspace", it claimed.
The US agency has built supercomputers whose specific purpose is to decrypt Internet communications through brute force, the reports allege. It has taken measures to weaken international encryption standards. And it has worked with unnamed technology providers and ISPs in order to "covertly influence" their security measures.
GCHQ is allegedly complicit in Bullrun, the documents claim, and has established a team responsible for “identifying, recruiting and running covert agents in the global telecommunications industry.”
The documents also allege that for at least three years, GCHQ has been working to develop ways to access Google, Hotmail, Yahoo and Facebook’s encrypted traffic, successfully developing “new access opportunities” into Google by 2012.
The NSA's intention to intercept encrypted data was revealed back in the 1990s, when it encouraged businesses to adopt a hardware system that had been develop by the US military but that had a backdoor for the NSA. It was rejected by manufacturers and consumers after privacy rights groups campaigned against its deployment, after which NSA began a programme of undermining encryption technologies by stealth.
The latest revelations have been roundly criticised by Internet security experts, who argue that undermining encryption – even in the name of national security – jeopardises the integrity of the world's communications infrastructrure.