WindsorGreen : DOD secret code-breaking project found unencrypted on the Internet

WindsorGreen / DOD
Photo by hackNY

According to a recent report from The Intercept, a joint project of IBM, NYU and the US Department of Defense called “WindsorGreen” was found by a security researcher looking for open devices on the Internet. The files were found on a computer at the New York University’s famed Institute for Mathematics and Advanced Supercomputing, headed by the Chudnovsky brothers, David and Gregory.

The program details a hacking system with the kind of complex math needed to take down encryption and brute-force attack passwords. The project seems to have been in development between 2005 and 2012.

Surprisingly, the “WindsorGreen” files that were stored on a backup drive connected to an NYU server were not encrypted. While the documents describe a very advanced and powerful code-breaking project, according to what hacker and computer researcher Andrew “Bunnie” Huang told The Intercept that if one is using the latest encryption, then there was nothing to worry about. “Even if [WindsorGreen] gave a 100x advantage in cracking strength, it’s a pittance compared to the additional strength conferred by going from say, 1024-bit RSA to 4096-bit RSA or going from SHA-1 to SHA-256.” he said.

“WindsorGreen” was the successor to another password-cracking machine used by the NSA, “WindsorBlue,” which was also  documented in the material leaked from NYU and which had been previously described in the Norwegian press thanks to a document provided by National Security Agency whistleblower, Edward Snowden. Both systems were intended for use by the Pentagon and a select few other Western governments, including Canada and Norway.

The story is interesting and is a cautionary tale about being diligent when setting up a network and encrypting everything that could be sensitive. The now exposed project is over 5 years old.

Who knows what is currently in the pipes for government funded hacking projects like this one.

Source: The Intercept  / EnGadget

Photo by hackNY