The National Security Agency is using ‘man in the middle’ security attacks that mimic Google servers to intercept encrypted communications without the cooperation of tech companies, says a new report.
The attacks, which mimic SSL server addresses to reroute encrypted communications through the NSA pipeline, is codenamed Flying Pig and has been functional for some time, according to TechDirt. Flying Pig has reportedly attacked servers from Google, Yahoo and Microsoft.
The document published in TechDirt and citing a source known as Fantastico, was apparently taken from an NSA presentation that also contains some GCHQ (UK Government Communications Headquarters, which works in concert with the NSA) slides. The document describes “how the attack was done” to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target’s Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format.
Industry watchers say the tech giants are likely to be unaware of this snooping and “won’t be very happy about it.”