Did the US exploit a vulnerability that made it possible to snoop on data traffic that was thought to be secure?
That’s been the question for the past 24 hours after news of the LogJam vulnerability became publicly known.
Now Edward Snowden has added his two cents on the issue.
Put simply, LogJam is a vulnerability that rests in encrypted internet traffic. When someone accesses a website that is ‘encrypted,’ it was thought to mean that the data being transferred can only be seen by the sender and the recipient.
This new issue, which was announced yesterday, shows that it is possible for large-scale online operations to actually intercept this data without anyone noticing and even being able to alter it. So even so-called secure data isn’t safe from external snooping thanks to this LogJam bug.
Even though the discovery is a big one — it shows that previous conceptions of internet security are actually false — many experts weren’t sure how likely it was that the vulnerability was exploited.
Today Edward Snowden took part in a Reddit AMA and offered his own unique views.
A Redditor asked whether the exiled whistleblower believed that the NSA capitalised on this newly discovered vulnerability.
So this attack was published just yesterday, I believe. I had a private talk recently with several of the best cryptographers and computer security researchers in the US at Princeton, including some of the authors of the paper. I’ve spoken with some of them in the wake of this publication, and the general consensus was that they would be amazed if the NSA was not doing this, and in fact a close reading of some of the previously published NSA documents on efforts against VPN connections implies a similar effort. All I can say is that I share their suspicions, but I simply do not know the answer one way or another. I don’t want to mislead anybody by speculating.
Given that the attack you cite, which can just as easily be performed by any government from Belgium to China is a product of previous efforts by the US Government to weaken encryption standards, members of Congress should be writing letters to the Director of National Intelligence to find out why the NSA failed to close a vulnerability that left huge percentages of American (and international) internet traffic at risk.
Without so much as saying the US did know about LogJam, Snowden is incredulous about how the government couldn’t know. LogJam’s existence is predicated on lax encryption standards from the ’90s. So while Snowden can’t be sure, he is (at the very least) suspicious.
We’ll likely never know the extent to which LogJam (or any other vulnerability) has been acted on by the government. But Snowden, who took this time on Reddit to urge people to work to stop the government’s data collection program, sees this as an indication of what is possible.
NOW WATCH: Tech Insider videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.