How NASA weakens to access internet Traffic

The internet is full of holes. The spy agencies in the US and UK have forced technology suppliers to deliberately weaken security measures in the online computing systems that everyone uses. As a result they may have compromised everybody's security - since the vulnerabilities can be exploited by anybody who discovers them.

The revelations appear in the latest batch of NSA and GCHQ documents leaked by the former NSA contractor Edward Snowden, now an exile in Russia.

The leaks appear to confirm long-held suspicions that the agencies covertly collude with tech firms to introduce "back doors" that bypass built-in computer security measures - like passwords, two-factor authentication and encryption - to get straight to the files they want.

Today's joint reports from The Guardian, The New York Times and website ProPublica might leave you with the impression that the agencies have made a mathematical breakthrough that renders encryption defunct. But the NSA has simply relied on plain old-fashioned spying to influence and infiltrate the internet security firms we trust.

"I'm pretty sure they are reporting well-known possibilities of cheating around cryptography," says Markus Kuhn of the University of Cambridge, placing "back doors" in commonly used software to allow the agencies access to secret messages.

One of the leaked documents reveals that the NSA and GCHQ aim to "insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets". An "endpoint communications system" simply means a computer, tablet or cellphone.

For example, most encryption algorithms require a random number generator to produce secure keys. "One of the oldest tricks in the book is to modify the random number generator so it outputs only a tiny subset of all the random numbers it normally should," says Kuhn – a bit like subtly weighing a die to roll 6 more often than it should.

This change would mean the software can only produce a much smaller list of secret keys than it should, though the number of keys is still too vast for you to notice the change without looking closely. If you know about the vulnerability, however, you can attempt to crack encrypted messages using only the smaller list of keys. That makes it more feasible to use brute force to crack the encryption – all you need is enough computing power, which of course the NSA and GCHQ have in abundance.

"Really now? What right minded criminal would tell law enforcement the weakness they exploit to make bread and butter. And even if criminal did talk, those flaws are deliberate modification and thus top secret. Thing which you won't be told about"