Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

(Christopher Lane/AP Images
encryption

The NSA targeted an Irish company as part of its data-gathering activities

The latest documents released by Edward Snowden found that the NSA targeted SecurityKISS, a VPN service based in Dublin, using its computer system XKeyscore.

THE LATEST COLLECTION of NSA documents released by Edward Snowden revealed that it targeted an Irish company as part of its data collection activities.

A report from the German magazine Der Spiegel revealed that one of its targets was SecurityKiss, a VPN (virtual private network) service based in Dublin. It used XKeyscore, the NSA’s computer system that searches for and analyses data it collects worldwide, to carry out this action.

One of the documents, dating from late 2009, said the agency was processing 1,000 requests an hour to decrypt VPN connections and was expected to increase to 100,000 per hour by the end of 2011.

The aim was for the system to be able to completely process “at least 20 percent” of these requests, meaning the data traffic would have to be decrypted and reinjected. In other words, by the end of 2011, the NSA’s plans called for simultaneously surveilling 20,000 supposedly secure VPN communications per hour.

Speaking to TheJournal.ie, the founder and CEO of SecurityKISS, Grzegorz Luczywo, said that the news was “disturbing but not so surprising,” but there was nothing to suggest that this traffic was decrypted.

From the documents, nothing suggests that these traffic was actually decrypted [and] nothing suggested that that the communication was broken. What is certain is that the traffic is collected in an encrypted form.

While SecurityKiss doesn’t use usernames and passwords for OpenVPN – instead it uses the individual private keys and certificates embedded in the programme which means the basic NSA attack of stealing keys can’t be used as they’re not in the activation email – the company isn’t ruling out the possibility of other attacks.

Recently, the company had to discontinue its PPTP (Point-to-Point Tunneling Protocol) service as the connection method had been compromised by the NSA.

While a small number of its users availed of it –  less than 5% according to Luczywo – it was alerting customers that using it didn’t ensure confidentiality and to use OpenVPN and end-to-end encryption if they needed secure communications.

“We were warning users that it doesn’t ensure confidentiality so they should only use it for video streaming or other applications where confidentially isn’t that important,” Luczywo. “It was more popular on mobile devices because of the ease of configuration, but basically, most of the traffic goes through OpenVPN and most users are Windows users.”

The company may also look for help from digital rights and privacy organisations to see what it can do from a legal perspective, but for now, the company is waiting for the release of more detailed and technical documents so it can figure out the extent of the NSA’s targeting.

Read: Aviation experts call for compulsory ‘real-time’ tracking of aircraft >

Read: One in 12 drivers are still using their mobile phone while driving >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
20
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds