How did TAO or the NSA’s “Tailored Access Operations” read the encrypted emails of Blackberry Enterprise users, according to the Snowden revelations?
First, nobody knows for sure how they did it. But there are some suspicions that make for a teachable moment. For example, they may have used zero-day exploits to gain access to the individual targeted phones. Zero-day exploits are software vulnerabilities which are unknown to the software developers, so they haven’t been patched. These weaknesses are holes which let hackers reach through to install their own keyloggers, spyware, or remote control functions.
Next, TAO may have compromised the Blackberry servers. Or there may have been a backdoor installed, secretly, in an agreement between the US government and Blackberry. Blackberry would be bound to secrecy based on a gag order and/or non-disclosure agreements.
TAO regularly uses man-in-the-middle attacks to hack people’s computers or phones. They intercept web traffic before it reaches its destination and impose their own fake websites which look like the real thing. People then click on these fake links, which trigger malicious downloads, installing rootkits and other toxic code on their computers. They might use the fake website to get you to enter your password so they find out what it is. Then they can access your account whenever they like. If you are using SSL/TLS, they can use fake certificates to decrypt your data.
The US uses NSLs or “national security letters” to demand private tech companies spy on people, log their IP searches, etc., and the provider is not legally allowed to disclose this or face criminal prosecution. This includes the placing of NSA backdoors. It is widely believed that Microsoft still has an NSA backdoor in Windows. A researcher confirmed this in Windows many years ago. Microsoft is a Deep State partner going back decades.
TAO has access to brute-force computing methods. These are used to try trillions of combinations of letters and numbers to guess your passwords. Most people use passwords that are far too simple, not long enough, and lack complexity because long and random passwords are very hard to remember. People also tend to reuse passwords. Your password is probably already known to at least a few hackers on the Dark Web because websites are hacked all the time and passwords are released on the Dark Web and sold there, too. If you use the same password for multiple sites, they get everything. Another way is by looking at the security questions for your password reset. Usually these questions are easy to answer if you are the government. “What is your mother’s maiden name?” is available to the glowies in no time flat, using XKeyscore. PRISM is the NSA program that gives the feds direct open access to the email servers of Google, Yahoo, and other major providers. One press of a button and they are there.
The feds also have paid off informants in major tech companies, such as secretaries and IT leads who are willing to disclose insider security information for the right price, or to seek revenge against the company if they feel wronged. The CIA does this to foreign companies and nations all the time. This is their version of social engineering, only more effective. And this doesn’t get into the normal means of social engineering used against customer service. SIM swapping is an example of this, too. This is where someone pretends to be you and calls into customer service at your phone company and gets them to switch providers or send them a copy of your SIM card. Once they have this they are able to receive your calls and text messages, including 2FA SMS texts.
It was also revealed that Blackberry encrypted email was not end-to-end encrypted, so compromising the servers would enable a hacker to access the contents of the emails. Google and Yahoo Mail are not end-to-end encrypted, meaning they can read your email, and they do. They read these to send you targeted ads. And the feds have a backdoor so they read them, too. ProtonMail and Tutanota are end-to-end encrypted, or at least claim to be, so even they shouldn’t be able to read your email contents. For very sensitive communications, you shouldn’t rely on the trust of any outside entity, including ProtonMail or Tutanota. You need to self-encrypt the contents of your email and use a strong password or PGP key to encrypt them. For example, you might compose your email as a text file and then save the message as a 7-Zip encrypted archive with a strong password. This uses AES-256 encryption, which is currently the same standard used by the NSA to encrypt its own sensitive and classified communications. Even better, consider then encrypting this encrypted archive using an RSA-4096 PGP key. You would then use another secured way to send the password to your recipient. For example, you might use Session Messenger or Briar Messenger. If you are a Yahoo or Gmail user, you can still send secure messages using an extension for your browser called “Mailvelope.” It lets you encrypt your messages using PGP.
The NSO Group’s Pegasus spyware didn’t exist when the Blackberry emails were hacked. The Pegasus mercenary spyware is military-grade attack software. They send a text message to your phone and it is infected. You don’t have to click on anything. Zero clicks. It then downloads a rootkit that unlocks your bootloader on your phone. Then it can install itself persistently, meaning rebooting your phone won’t make a difference. In the past you could reboot your phone and it would be erased. No more. And you would have to click on a link to make yourself vulnerable. Again, no more. Pegasus is invisible and you don’t know it is there. It steals your passwords via a keylogger, and then your encrypted communications from Signal or wherever are accessible to the attackers. Your data is stolen and encrypted, and then sent to NSO’s covert CNC servers. Regular antivirus software doesn’t detect Pegasus. You have to use Amnesty International’s MVT Mobile Verification Toolkit software. This is available here.
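The brute-force point in the answer above (short, simple, reused passwords fall quickly; long random ones do not) is easier to judge with numbers. The following is an added example, not part of the original answer: it estimates the search space of a password from the character classes it uses, converts that to a worst-case cracking time at an assumed guess rate of 10^12 per second (an assumption for illustration, not a figure from the answer), treats anything found in a tiny constructed "leaked password" list as effectively free to the attacker, and generates random passwords and Diceware-style passphrases with the `secrets` module. The word list in `random_passphrase` is a constructed stub; real use needs a full 7776-word list for the entropy that `passphrase_bits` assumes.

```python
"""Password search space versus brute force, as an added worked example."""
import math
import secrets
import string

GUESSES_PER_SECOND = 1e12   # assumed attacker capacity, for illustration only
DICEWARE_LIST_SIZE = 7776   # entries in a standard Diceware list (6**5)

# Character classes used to estimate the alphabet a human-chosen password draws from.
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)

# Tiny constructed stand-in for the breach dumps mentioned above; a real attacker
# tries hundreds of millions of leaked passwords before any brute force.
LEAKED = frozenset({"password", "123456", "qwerty", "letmein", "iloveyou"})


def charset_size(password: str) -> int:
    """Alphabet size an attacker has to cover: the union of classes actually used."""
    size = sum(len(cls) for cls in _CLASSES if any(ch in cls for ch in password))
    # Characters outside the four classes (e.g. non-ASCII) widen the alphabet a little.
    other = {ch for ch in password if not any(ch in cls for cls in _CLASSES)}
    return size + len(other)


def password_bits(password: str) -> float:
    """Upper bound on entropy, as if the password were uniformly random over its alphabet.
    Pattern passwords such as Summer2024! are far weaker than this bound suggests."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n > 1 else 0.0


def effective_bits(password: str, leaked=LEAKED) -> float:
    """What the attacker actually needs: a leaked password is a list lookup,
    whatever its length or character mix."""
    if password.lower() in leaked:
        return math.log2(len(leaked))
    return password_bits(password)


def seconds_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to enumerate 2**bits candidates; the expected time is half that."""
    return 2.0 ** bits / rate


def human_time(seconds: float) -> str:
    """Round a duration to the largest sensible unit for display."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.0f} {unit}"
    return f"{seconds:.2f} seconds"


def random_password(length: int = 20) -> str:
    """Uniformly random password over letters, digits and punctuation (94 symbols)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase_bits(words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy of `words` words drawn uniformly from a list of `list_size` entries."""
    return words * math.log2(list_size)


def random_passphrase(words: int = 6, wordlist=None) -> str:
    """Diceware-style passphrase. The built-in list is a constructed stub of 8 words;
    use a real 7776-word list to get the entropy passphrase_bits() assumes."""
    wordlist = wordlist or ("correct", "horse", "battery", "staple",
                            "violet", "anchor", "tundra", "pixel")
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def report(password: str) -> str:
    bits = effective_bits(password)
    return (f"{password!r}: {bits:.1f} bits -> "
            f"{human_time(seconds_to_exhaust(bits))} at {GUESSES_PER_SECOND:.0e} guesses/s")


if __name__ == "__main__":
    for pw in ("password", "Summer2024!", random_password(20)):
        print(report(pw))
    print(f"6-word passphrase: {passphrase_bits(6):.1f} bits -> "
          f"{human_time(seconds_to_exhaust(passphrase_bits(6)))}")
```

Run it and the contrast is stark: an 8-letter lowercase password (about 37.6 bits) is exhausted in well under a second at the assumed rate, while a 6-word Diceware passphrase (about 77.5 bits) takes thousands of years, and anything in the leaked list is gone instantly regardless of how it looks.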
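The layered scheme described above (message as a text file, 7-Zip AES-256 archive under a strong password, that archive wrapped with the recipient's RSA-4096 PGP key, password sent over a separate channel) can be driven from a small script. What follows is an added example and not the answer's own code; it assumes the `7z` (p7zip or 7-Zip) and `gpg` (GnuPG 2.1 or later) command-line tools are on PATH and, for real use, that the recipient's public key is already imported. The `roundtrip_demo` at the bottom generates a throwaway passphrase-less RSA-4096 key pair in a temporary GNUPGHOME to stand in for the recipient (the address `demo@example.invalid` is hypothetical) and returns `None` when either tool is missing.

```python
"""Layered message encryption: 7-Zip AES-256 archive wrapped in OpenPGP (added example)."""
import os
import secrets
import shutil
import string
import subprocess
import tempfile
from pathlib import Path
from typing import Optional, Tuple


def seven_zip_binary() -> Optional[str]:
    """p7zip ships as 7z/7za, the official Linux build as 7zz; use whichever exists."""
    for name in ("7z", "7zz", "7za"):
        if shutil.which(name):
            return shutil.which(name)
    return None


def archive_password(length: int = 24) -> str:
    """Random password for the 7-Zip layer; letters and digits only so it can be
    read out or pasted into a messenger (Session, Briar) without escaping trouble."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _gpg_env(gnupghome: Optional[Path]) -> dict:
    env = dict(os.environ)
    if gnupghome is not None:
        env["GNUPGHOME"] = str(gnupghome)
    return env


def seven_zip_encrypt(plaintext: Path, archive: Path, password: str) -> None:
    """Layer 1: AES-256 archive. -mhe=on also encrypts the file names in the header.
    Caveat: -p puts the password on the command line, visible to other local users
    via ps; on a shared machine run 7z interactively with a bare -p instead."""
    subprocess.run([seven_zip_binary() or "7z", "a", "-t7z", "-mhe=on",
                    f"-p{password}", str(archive), plaintext.name],
                   cwd=plaintext.parent, check=True, stdout=subprocess.DEVNULL)


def seven_zip_extract(archive: Path, outdir: Path, password: str) -> None:
    subprocess.run([seven_zip_binary() or "7z", "x", "-y", f"-p{password}",
                    f"-o{outdir}", str(archive)], check=True, stdout=subprocess.DEVNULL)


def pgp_encrypt(infile: Path, outfile: Path, recipient: str,
                gnupghome: Optional[Path] = None) -> None:
    """Layer 2: encrypt the archive to the recipient's public key, so a leaked
    archive password alone is not enough to read the message."""
    subprocess.run(["gpg", "--batch", "--yes", "--trust-model", "always",
                    "--recipient", recipient, "--output", str(outfile),
                    "--encrypt", str(infile)], check=True, env=_gpg_env(gnupghome))


def pgp_decrypt(infile: Path, outfile: Path, gnupghome: Optional[Path] = None) -> None:
    # Loopback with an empty passphrase suits the demo key; a real key prompts via pinentry.
    subprocess.run(["gpg", "--batch", "--yes", "--pinentry-mode", "loopback",
                    "--passphrase", "", "--output", str(outfile), "--decrypt",
                    str(infile)], check=True, env=_gpg_env(gnupghome))


def prepare(message: str, workdir: Path, recipient: str,
            gnupghome: Optional[Path] = None) -> Tuple[Path, str]:
    """Build the outgoing attachment. Returns (path to .7z.gpg, archive password).
    The password travels over a separate channel, never in the same email."""
    plain = workdir / "message.txt"
    plain.write_text(message, encoding="utf-8")
    password = archive_password()
    archive = workdir / "message.7z"
    seven_zip_encrypt(plain, archive, password)
    outgoing = workdir / "message.7z.gpg"
    pgp_encrypt(archive, outgoing, recipient, gnupghome)
    plain.unlink()     # do not leave cleartext beside the ciphertext
    archive.unlink()
    return outgoing, password


def receive(incoming: Path, password: str, outdir: Path,
            gnupghome: Optional[Path] = None) -> str:
    """Reverse both layers and return the message text."""
    archive = outdir / "received.7z"
    pgp_decrypt(incoming, archive, gnupghome)
    seven_zip_extract(archive, outdir, password)
    return (outdir / "message.txt").read_text(encoding="utf-8")


def roundtrip_demo(message: str = "Constructed sample message for the demo.") -> Optional[bool]:
    """True when the recovered text matches; None when 7z or gpg is not installed."""
    if seven_zip_binary() is None or shutil.which("gpg") is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        home = work / "gnupg"
        home.mkdir(mode=0o700)
        recipient = "demo@example.invalid"   # hypothetical recipient
        # Throwaway passphrase-less RSA-4096 pair: fine for a demo, not for a real recipient.
        subprocess.run(["gpg", "--batch", "--pinentry-mode", "loopback", "--passphrase", "",
                        "--quick-generate-key", f"Demo <{recipient}>", "rsa4096", "default", "0"],
                       check=True, env=_gpg_env(home), stderr=subprocess.DEVNULL)
        outgoing, password = prepare(message, work, recipient, home)
        inbox = work / "inbox"
        inbox.mkdir()
        return receive(outgoing, password, inbox, home) == message


if __name__ == "__main__":
    result = roundtrip_demo()
    print("round trip ok" if result else
          "7z or gpg not installed" if result is None else "MISMATCH")
```

In real use you would call `prepare()` with the recipient's actual key ID or address and your normal keyring, attach the resulting `.7z.gpg` to the email, and send the returned password through Session or Briar. The 7-Zip layer is what stops a mail provider or anyone holding the mailbox from reading the text; the PGP layer means that even someone who also intercepts the password still needs the recipient's private key.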