Posted on 02/22/2021 12:21:07 AM PST by Sense
The gist of the Congressional inquiry into the role NSA may have played in manipulating the U.S. civilian government technical standards development and approval process is not the first time the legislative branch of government has smelled a rat when it comes to NSA inserting “Trojan horses” into standards developed for civilian government and commercial use. In the case of Dual_EC_DRBG, NSA’s zeal in providing itself with a hidden back door to spy on targeted computers and networks relying on the NIST standard may have boomeranged. Back doors of any nature in information technology products is a hack waiting to happen. There is also a suggestion that the U.S. Intelligence Community’s haste in blaming “Russian,” “Chinese,” “North Korean,” “Iranian,” and other hackers for the SolarWinds breach was to cover its own tracks in pushing for widespread use of an encryption standard for which it had implanted a serious security design flaw.
There is every likelihood that the “damaging” hacks from unnamed actors abroad into U.S. federal, state, and local government networks and computer systems, as well as those in the private sector, have been carried out by U.S. Cyber Command personnel testing their backdoor Trojan horse capabilities. For every well-publicized hacker attack blamed on foreign players, the NSA and Cyber Command enjoy huge boosts in their operating budgets.
The rush to outsource computing capabilities and data storage to “cloud” operations brings about inherent security vulnerabilities. Those who began worrying about computer security risks in the late 1960s, including those working for the Central Intelligence Agency, would have gone ballistic if they lived long enough to see the CIA outsource its cloud computing requirements to Amazon.
(Excerpt) Read more at strategic-culture.org ...
It appears others are becoming aware...
"Russians" my ass...
A “trojan horse backdoor”?? Those are two different things.
A Trojan Horse is something coming through the front door pretending to be something else.
A backdoor is an opening left by a programmer.
I've posted this many times. The purpose of NSA technical reviews is to make sure our adversaries can not crack our encryption standards and also to slip in weaknesses that only they can also exploit, since our adversary's can also use these standards. It's not some simple backdoor that a Snowden can leak. It is a weakness that even if known, doesn't do our adversary's any good if they don't have the raw computing power and specialized algorithms to take advantage.
Which standard? Are we talking AES? Something more specific like GCM or CCM?
From I gather they are saying the standard set by NIST. Which would only apply to US gov systems, unless I am incorrect.
The CIA and NSA use Cloud Sourcing.
It happens all the time and for most part no one in the deep state does a damn thing. Thats because these companies give money to politicians in states that have a heavy tech business; such as Silicon Valley CA, west coast WA/OR, research traingle NC, etc. Its shameful.
When Trump banned Huawei and Tik Tok, for example, it ruffled alot of feathers. Dont expect such concern for our tax dollars or network security to come from the current admin.
Rd later.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.