According to reports published this week by the German news magazine Der Speigel. The NSA (National Security Agency) has a division called the Office of Target Pursuit (OTP), which maintains a team of engineers assigned to cracking the VPN (Virtual Private Networks) encrypted traffic. It is believed that they have developed tools that have the potential to un encrypt the traffic of the majority of VPNs. A presentation by a member of OTP’s VPN Exploitation Team, dated September 13, 2010, details the process the NSA used.OTP’s VPN exploit team assigned its members to branches to specifically focus on regional teams, including a “Cross-Target Support Branch” and a custom development team for building targeted VPN exploits. At the regional level, the VPN team acted as liaisons to analysts, providing information on new VPN attacks while also gathering requirements for specific targets to be used in developing new ones.
Some VPN mechanisms —specifically, the Point-to-Point Protocol (PPTP)—have previously been isolated and identified as being vulnerable to attack because of the key exchange at the beginning of a VPN session, while others have generally been assumed to be safer from scrutiny.
Since 2010, the NSA had already developed software tools to attack commonly used VPN encryption schemes, specifically the Secure Shell (SSH), Internet Protocol Security (IPSec), and Secure Socket Layer (SSL) encryption.
The NSA has created a specific repository called TOYGRIPPE for capturing VPN metadata. The TOYGRIPPE repository stores information on VPN sessions between systems of interest, including their “digital fingerprints” for specific devices and which VPN services they connect to during key exchanges between them, as well as other connection data. VPN “digital fingerprints” is also be extracted from NSA’s distributed “big data” store of all recently captured Internet traffic called XKEYSCORE which is used to identify targets to develop a attack.
Since XKEYSCORE includes data from “untasked” sources (people and systems not designated as under surveillance) the OTP VPN Exploitation Team “tries to avoid relying on XKEYSCORE work flows due to legal and logistical issues.” But XKEYSCORE, remains, the best for attacks on SSH traffic.
NSA analysis of the TOYGRIPPE and XKEYSCORE data, in addition to all daily VPN exploits is fed into BLEAKINQUIRY, another NSA metadata database of “potentially exploitable” VPNs. The BLEAKINQUIRY meta database is searched by NSA analysts for addresses matching targeted individuals or systems and to generate requests for the OTP VPN Exploit crew to finally convert the “potentially exploitable” into an “actuality exploitable”.
When an IPSec VPN is identified and “tasked” by NSA analysts, (meaning the people and systems are designated as under surveillance), a “full take” of all its traffic are stored in a VPN repository called VULCANDEATHGRIP. There are also similar yet separate repositories for PPTP and SSL VPN traffic dubbed FOURSCORE and VULCANMINDMELD, respectively.The data is then replayed from the repositories through a set of attack scripts, which use sets of preshared keys (PSKs) previously harvested from other sources such as exploited routers, etc. and then stored into a key database called CORALREEF.
Other attack methods are used to attempt to recover the PSK for each VPN session. If the traffic is of interest, all successfully cracked VPNs are further processed by a system called TURTLEPOWER and in turn sorted back into the NSA’s XKEYSCORE full-traffic database, all extracted content is then pushed to a digital network intelligence content database called the PINWALE.
VPNs that aren’t successfully cracked, by these methods are continually monitored by doing more data collection, capturing IPSec Internet Key Exchange (IKE) and Encapsulating Security Payload (ESP) traffic during VPN handshakes to fortify and build better attacks in the future.
In the cases where the keys just can’t be recovered, the VPN Exploit Team will reach out to “friends” that will assist in gathering more information on the targeted systems of interest through other data collection sites and also by doing an end-run by calling on Tailored Access Operations to “create access points” through exploits of one of the endpoints of the VPN connection.
It is evident that the NSA is building a library of metadata to crack VPNs in an increasingly brute force manner, but they have to work hard for it and based on their tactics they are depending on conventional methods since 2010, so this was, as far as we know 4 years in the making so one can assume the XKEYSCORE database has grown since then.
What does this mean if you want to keep your secrets? Well, it’s a race now. The more hurdles you go through, using VPNs, Proxies, Wiped Devices, insanely long passwords the better off your secrets are. If you are targeted, then it can be complicated, but given what is based on my analysis they don’t have the quantum magic wand…yet.