How the NSA Can Hack Your Emails

In the video, Edward Frenkel explains how the NSA is able to hack emails. It circulated a few years ago when the video was first made, but it bears reposting.

Professor Frenkel goes into some detail about the science of cryptography. He has an ability to discuss this complicated math at a level which is understandable by the layman, and it’s worth your 10 minutes to watch it, and explore some of the other links provided by Brady Haran at Numberphile.

If you don’t have time to watch now, a very simplified discussion is provided here.

Gmail, Yahoo and other email and messaging providers all use the same encryption method. It is a formula that uses two large prime numbers to create a relationship between a public key (half of a standard component of the formula outcome) and a matching private key (the randomly generated other half of the formula).

The standard components are provided by the National Institute of Standards and Technology. These numbers are used by all users of encryption software: not only email providers, but also other users of sensitive data such as banks, the IRS, credit card companies, and so on. The standard components are published online and are public knowledge. Once the relationship between the components is known, it’s simply a matter of plugging in the numbers to find the “seed number”, which is a unique number for each company or organization. This is how hackers have been able to compromise financial databases as well as emails. It’s not simple, and a high level of mathematics is required, as well as sophisticated software and amped-up hardware, which is easily obtained if you’re into that kind of stuff.

Encryption keys use prime numbers because, among other things, a prime number can only be divided by itself, which eliminates a lot of work for the formula generator, as there is only one number which works with it.

It is by observing the relationship between the standard components of the encryption, knowing the formulaic relationship between them, and the randomly-generated numbers that a pattern can be derived over time. The solution is reverse engineered.

For a very simple example, if you find a pattern of

  • 2 x a = 4, but not 5
  • 471 x a = 942, but not 943
  • 896,769 x a = 1,793,538, but not 1,793,539

eventually you’ll find that a = 2.
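The same idea in code, as an added example that is not from the video or the original post: a toy random number generator built on two public constants, where whoever chose the constants kept the secret number relating them and can therefore predict every later output from a single observed one. The modulus, constants, backdoor value and function names are all constructed for illustration, and modular exponentiation stands in for the much larger mathematics real systems use.

```python
# Added toy example (not from the video or any real standard): a random number
# generator built on two public constants P and Q. All values are constructed.
import secrets

MODULUS = 2**61 - 1              # a prime; toy-sized on purpose
Q = 3                            # public constant
BACKDOOR = 0x1D2C3B4A59687       # secret kept by whoever chose the constants
P = pow(Q, BACKDOOR, MODULUS)    # public constant, secretly related to Q


class ToyGenerator:
    """Outputs Q^state, then replaces the state with P^state."""

    def __init__(self, seed):
        self.state = seed

    def next_output(self):
        output = pow(Q, self.state, MODULUS)
        self.state = pow(P, self.state, MODULUS)
        return output


def recover_next_state(observed_output, backdoor):
    """output^backdoor = Q^(state*backdoor) = P^state, the generator's next state."""
    return pow(observed_output, backdoor, MODULUS)


def predict_outputs(observed_output, backdoor, count):
    """Clone the generator from one observed output and run it forward."""
    clone = ToyGenerator(recover_next_state(observed_output, backdoor))
    return [clone.next_output() for _ in range(count)]


def demo():
    victim = ToyGenerator(secrets.randbelow(MODULUS - 2) + 1)  # unknown seed
    seen = victim.next_output()                  # one value observed in transit
    actual = [victim.next_output() for _ in range(5)]
    predicted = predict_outputs(seen, BACKDOOR, 5)
    return actual, predicted


if __name__ == "__main__":
    actual, predicted = demo()
    print("predicted all later outputs:", actual == predicted)
```

Without the backdoor value the observer would have to solve a discrete logarithm to get from P and Q to the relationship between them, which is why published constants whose origin cannot be verified are a risk in themselves.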

Best practice uses large passwords, such as those generated by GRC passwords, and 2-step verification. This will make it difficult for others at your end to access your private sites. But understand that if any person or organization wants access to your information, they will create or hack into an access point at the owner’s database, e.g., Google, Paypal, or at some point or node on the route. The latest exposure is the vulnerabilities inherent in the Internet of Things.

Until true quantum computing becomes commonly available, here are links to two of the latest encryption technologies: measurement device independence and upgraded hardware and block chain technology.

For more information to follow the discussion around this issue, the ACLU, New York Times, Wired, and Wikipedia are good places to start.

Fresh Air and Free is not affiliated with any of the sites mentioned in this blog.
