Bullrun Program
   HOME

TheInfoList



OR:

Bullrun (stylized BULLRUN) is a
clandestine Clandestine may refer to: * Secrecy, the practice of hiding information from certain individuals or groups, perhaps while sharing it with other individuals * Clandestine operation, a secret intelligence or military activity Music and entertainmen ...
, highly classified program to crack encryption of online communications and data, which is run by the United States
National Security Agency The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
(NSA). The British
Government Communications Headquarters Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the Un ...
(GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by ''
The Guardian ''The Guardian'' is a British daily newspaper. It was founded in 1821 as ''The Manchester Guardian'', and changed its name in 1959. Along with its sister papers ''The Observer'' and ''The Guardian Weekly'', ''The Guardian'' is part of the Gu ...
'', the program uses multiple methods including computer network exploitation,
interdiction Interdiction is a military term for the act of delaying, disrupting, or destroying enemy forces or supplies en route to the battle area. A distinction is often made between strategic and tactical interdiction. The former refers to operations whose e ...
, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques. Information about the program's existence was leaked in 2013 by
Edward Snowden Edward Joseph Snowden (born June 21, 1983) is an American and naturalized Russian former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) in 2013, when he was an employee and su ...
. Although Snowden's documents do not contain technical information on exact cryptanalytic capabilities because Snowden did not have clearance access to such information, they do contain a 2010
GCHQ Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the Unit ...
presentation which claims that "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable". A number of technical details regarding the program found in Snowden's documents were additionally censored by the press at the behest of US intelligence officials. Out of all the programs that have been leaked by Snowden, the Bullrun Decryption Program is by far the most expensive. Snowden claims that since 2011, expenses devoted to Bullrun amount to $800 million. The leaked documents reveal that Bullrun seeks to "defeat the encryption used in specific network communication technologies".


Naming and access

According to the NSA's Bullrun Classification Guide, Bullrun is not a Sensitive Compartmented Information (SCI) control system or compartment, but the codeword has to be shown in the classification line, after all other classification and dissemination markings. Furthermore, any details about specific cryptographic successes were recommend to be additionally restricted (besides being marked
Top Secret Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, ...
// SI) with Exceptionally Controlled Information labels; a non-exclusive list of possible Bullrun ECI labels was given as: APERIODIC, AMBULANT, AUNTIE, PAINTEDEAGLE, PAWLEYS, PITCHFORD, PENDLETON, PICARESQUE, and PIEDMONT without any details as to what these labels mean. Access to the program is limited to a group of top personnel at the
Five Eyes The Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in sign ...
(FVEY), the NSA and the
signals intelligence Signals intelligence (SIGINT) is intelligence-gathering by interception of ''signals'', whether communications between people (communications intelligence—abbreviated to COMINT) or from electronic signals not directly used in communication ( ...
agencies of the United Kingdom (
GCHQ Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the Unit ...
), Canada (
CSE CSE may refer to: Education Examinations * Certificate of Secondary Education, a secondary school qualification in the United Kingdom, replaced by the GCSE * Civil Services Examination, an examination to qualify for government service in India Fi ...
), Australia ( ASD), and New Zealand (
GCSB The Government Communications Security Bureau (GCSB) ( mi, Te Tira Tiaki) is the public-service department of New Zealand charged with promoting New Zealand's national security by collecting and analysing information of an intelligence nature. ...
). Signals that cannot be decrypted with current technology may be retained indefinitely while the agencies continue to attempt to decrypt them.


Methods

Through the NSA-designed
Clipper chip The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, ...
, which used the Skipjack cipher with an intentional backdoor, and using various specifically designed laws such as CALEA,
CESA Cesa is a ''comune'' (municipality) in the Province of Caserta in the Italian region Campania, located about north of Naples and about southwest of Caserta. Cesa borders the following municipalities: Aversa, Gricignano di Aversa, Sant'Antimo, ...
and restrictions on export of encryption software as evidenced by ''
Bernstein v. United States ''Bernstein v. United States'' is a set of court cases brought by Daniel J. Bernstein challenging restrictions on the export of cryptography from the United States. History The case was first brought in 1995, when Bernstein was a student at ...
'', the U.S. government had publicly attempted in the 1990s to ensure its access to communications and ability to decrypt. In particular, technical measures such as
key escrow Key escrow (also known as a "fair" cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third pa ...
, a euphemism for a
backdoor A back door is a door in the rear of a building. Back door may also refer to: Arts and media * Back Door (jazz trio), a British group * Porta dos Fundos (literally “Back Door” in Portuguese) Brazilian comedy YouTube channel. * Works so title ...
, have met with criticism and little success. The NSA encourages the manufacturers of security technology to disclose backdoors to their products or encryption keys so that they may access the encrypted data. However, fearing widespread adoption of encryption, the NSA set out to stealthily influence and weaken encryption standards and obtain master keys—either by agreement, by force of law, or by computer network exploitation ( hacking). According to a Bullrun briefing document, the agency had successfully infiltrated both the
Secure Sockets Layer Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
as well as some
virtual private networks A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
(VPNs). The ''New York Times'' reported that: "But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government's nuclear department and another's Internet service by cracking the virtual private networks that protected them. By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300." As part of Bullrun, NSA has also been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets". ''The New York Times'' has reported that the random number generator
Dual_EC_DRBG Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criti ...
contains a back door, which would allow the NSA to break encryption keys generated by the random number generator. Even though this random number generator was known to be insecure and slow soon after the standard was published, and a potential NSA
kleptographic Kleptography is the study of stealing information securely and subliminally. The term was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology—Crypto '96.A. Young, M. Yung, "The Dark Side of Black-Box Cryptography, ...
backdoor was found in 2007 while alternative random number generators without these flaws were certified and widely available,
RSA Security RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, ...
continued using Dual_EC_DRBG in the company's
BSAFE toolkit Dell BSAFE, formerly known as RSA BSAFE, is a FIPS 140-2 validated cryptography library, available in both C_(programming_language), C and Java_(programming_language), Java. BSAFE was initially created by RSA Security, which was purchased by Dell ...
an
Data Protection Manager
until September 2013. While RSA Security has denied knowingly inserting a backdoor into BSAFE, it has not yet given an explanation for the continued usage of Dual_EC_DRBG after its flaws became apparent in 2006 and 2007. It was reported on December 20, 2013 that RSA had accepted a payment of $10 million from the NSA to set the random number generator as the default. Leaked NSA documents state that their effort was “a challenge in finesse” and that “Eventually, N.S.A. became the sole editor” of the standard. By 2010, the leaked documents state that the NSA had developed "groundbreaking capabilities" against encrypted Internet traffic. A GCHQ document warned however "These capabilities are among the
SIGINT Signals intelligence (SIGINT) is intelligence-gathering by interception of ''signals'', whether communications between people (communications intelligence—abbreviated to COMINT) or from electronic signals not directly used in communication ( ...
community's most fragile, and the inadvertent disclosure of the simple 'fact of' could alert the adversary and result in immediate loss of the capability." Another internal document stated that "there will be NO '
need to know The term "need to know", when used by government and other organizations (particularly those related to the military or espionage), describes the restriction of data which is considered very sensitive. Under need-to-know restrictions, even if one ...
.'" Several experts, including
Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Cente ...
and
Christopher Soghoian Christopher Soghoian (born 1981) is a privacy researcher and activist. He is currently working for Senator Ron Wyden as the senator’s Senior Advisor for Privacy & Cybersecurity. From 2012 to 2016, he was the principal technologist at the Amer ...
, had speculated that a successful attack against
RC4 In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, ren ...
, an encryption algorithm used in at least 50 percent of all SSL/TLS traffic at the time, was a plausible avenue, given several publicly known weaknesses of RC4. Others have speculated that NSA has gained ability to crack 1024-bit RSA/ DH keys. RC4 has since been prohibited for all versions of TLS by RFC 7465 in 2015, due to the RC4 attacks weakening or breaking RC4 used in SSL/TLS.


Fallout

In the wake of Bullrun revelations, some open source projects, including
FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...
and
OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTT ...
, have seen an increase in their reluctance to (fully) trust hardware-based
cryptographic primitive Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. These routines include, but are not limited to, one-way hash functions and ...
s. Many other software projects, companies and organizations responded with an increase in the evaluation of their security and encryption processes. For example, Google doubled the size of their TLS certificates from 1024 bits to 2048 bits. Revelations of the NSA backdoors and purposeful complication of standards has led to a backlash in their participation in standards bodies. Prior to the revelations the NSA's presence on these committees was seen as a benefit given their expertise with encryption. There has been speculation that the NSA was aware of the
Heartbleed Heartbleed was a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartble ...
bug, which caused major websites to be vulnerable to password theft, but did not reveal this information in order to exploit it themselves.


Etymology

The name "Bullrun" was taken from the
First Battle of Bull Run The First Battle of Bull Run (the name used by Union forces), also known as the Battle of First Manassas
, the first major battle of the
American Civil War The American Civil War (April 12, 1861 – May 26, 1865; also known by other names) was a civil war in the United States. It was fought between the Union ("the North") and the Confederacy ("the South"), the latter formed by states th ...
. Its predecessor "Manassas", is both an alternate name for the battle and where the battle took place. "EDGEHILL" is from the
Battle of Edgehill The Battle of Edgehill (or Edge Hill) was a pitched battle of the First English Civil War. It was fought near Edge Hill and Kineton in southern Warwickshire on Sunday, 23 October 1642. All attempts at constitutional compromise between K ...
, the first battle of the
English Civil War The English Civil War (1642–1651) was a series of civil wars and political machinations between Parliamentarians (" Roundheads") and Royalists led by Charles I ("Cavaliers"), mainly over the manner of England's governance and issues of re ...
.


See also

*
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...
*
IPsec In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in ...
*
Mass surveillance Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizati ...
**
Mass surveillance in the United Kingdom The use of electronic surveillance by the United Kingdom grew from the development of signal intelligence and pioneering code breaking during World War II. In the post-war period, the Government Communications Headquarters (GCHQ) was formed an ...
**
Mass surveillance in the United States The practice of mass surveillance in the United States dates back to wartime monitoring and censorship of international communications from, to, or which passed through the United States. After the First and Second World Wars, mass surveillance ...
*
MUSCULAR Skeletal muscles (commonly referred to as muscles) are organs of the vertebrate muscular system and typically are attached by tendons to bones of a skeleton. The muscle cells of skeletal muscles are much longer than in the other types of muscle ...
*
PRISM Prism usually refers to: * Prism (optics), a transparent optical component with flat surfaces that refract light * Prism (geometry), a kind of polyhedron Prism may also refer to: Science and mathematics * Prism (geology), a type of sedimentary ...
*
Tailored Access Operations The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997 ...
*
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
*
Voice over IP Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of speech, voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms In ...


References

{{reflist, 30em


External links

* https://www.eff.org/deeplinks/2013/09/crucial-unanswered-questions-about-nsa-bullrun-program * https://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=0 * https://www.schneier.com/blog/archives/2013/10/defending_again_1.html
Cryptography Opening Discussion: Speculation on "BULLRUN"
John Gilmore John Gilmore may refer to: * John Gilmore (activist) (born 1955), co-founder of the Electronic Frontier Foundation and Cygnus Solutions * John Gilmore (musician) (1931–1995), American jazz saxophonist * John Gilmore (representative) (1780–1845), ...
* https://www.cs.auckland.ac.nz/~pgut001/pubs/crypto_wont_help.pdf American secret government programs Mass surveillance National Security Agency operations GCHQ operations Intelligence agency programmes revealed by Edward Snowden Encryption debate