Allegations that NSA tool can neutralize common online security

28 Aug, 2013 13:53 / Updated 11 years ago

Information has surfaced regarding surveillance software allegedly in use by the NSA that is able to neutralize SSL, or Secure Sockets Layer, and HTTPS, that being one of the internet’s most common ways to encrypt private information.

Details regarding an unsecured database operated by Parabon Computing that was probed by a user known via Twitter as “AgentViz” was posted to the website Encyclopedia Dramatica. Parabon markets sophisticated products such as Blitz, which allow IT managers to experience dealing with simulated denial-of-service attacks on their networks.


RT America was approached by Anonymous on Monday with a tip on the alleged surveillance tool called 'Locksmith', and a link to the Encyclopedia Dramatica entry. The group as a whole seems to take no role in the information that has been posted, and its legitimacy remains in question.


According to the initial information provided, that software plays a role in the data packet surveillance brought to light by Edward Snowden’s PRISM leaks, which revealed the existence of a number of tools employed by American intelligence services to collect the online information on a grand and unregulated scale.


Encyclopedia Dramatica (or ED) is known within the hacktivist subculture as a satirical open wiki full of in-jokes, though it has often held important information as well, such as in the case of the FBI’s and Scotland Yard’s investigation and arrest of Ryan Cleary who was involved in the 2011 cyber attack of Sony.


The ED entry RT was directed to on that site entitled 'Parabon Leaks' refers to the Locksmith software, which can allegedly neutralize the encrypted SSL protocol, which works together with HTTPS, another common and trusted privacy layer available to online users for secure payments, instant messaging, and on email and social networking sites, among others. 

In essence, the adoption of HTTPS allows for what websites offer as "secure" payment online, and is therefore vital to online commerce. Beyond payment transactions, SSL -- which acts as the virtual "handshake" of security certificates that work over HTTPS -- are also critical to securing online access over Wi-Fi connections, as well as for the popular Tor anonymity network tool. 


The Locksmith software appears to be a product of AccessData, a digital forensics company. The entry on the wiki contains screenshots of product brochures which detail Locksmith’s ability to scan, monitor and analyze SSL encrypted data.


AccessData bills the software for use within networks by IT managers, though the allegation is that the same capabilities can then be employed by Locksmith to parse through the mountains of data collected by the NSA to decrypt SSL/HTTPs data indiscriminately.


Though the product’s details are stated so matter-of-fact as to appear mundane, according to Anonymous the technical hurdles in truly determining what Locksmith is capable of doing has resulted in their discovery to be disregarded. Still, the group insists that Locksmith represents yet another piece of software currently in use by NSA surveillance operations. Beyond Locksmith, the ED entry includes a number of other documents, as well as mention of more software including "Jigsaw." 

The Parabon Leaks entry mentions that journalist Glenn Greenwald, now a key figure writing on Edward Snowden's NSA revelations, was contacted with links to the information but so far appeared to have disregarded the potential leak. 

According to security expert Mikko Hyppönen of F-Secure Labs, he was made aware of the ED entry and its information over the weekend, but has not yet confirmed the veracity of the claims.


The group itself acknowledges that it may take months to understand what Locksmith represents, though it alleges that the NSA is attacking its information leak by shutting down links and editing pages on its open wiki that tells users to disregard Locksmith as “boring” and “common” IT software with no connection to PRISM.