How the NSA Exploits VPN and VoIP Traffic
These four slides, released yesterday, describe one process the NSA has for eavesdropping on VPN and VoIP traffic. There’s a lot of information on these slides, though it’s a veritable sea of code names. No details as to how the NSA decrypts those ESP—“Encapsulating Security Payload”—packets, although there are some clues in the form of code names in the slides.
Jan • March 13, 2014 11:08 AM
H.323 traffic can easily be decrypted when you act as a man-in-the-middle as the HAMMERSTEIN component does on page 4 of the slides. It's because virtually all vendors skip the (TLS) encryption of the signaling channel and the Diffie-Hellman keys are unprotected.
See my analysis of H.323 encryption on http://www.gnugk.org/h323-encryption.html.
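Added example, not part of the post or of the comment above: a toy Python simulation of why unprotected Diffie-Hellman values matter, showing that a relay which swaps the public values ends up sharing a key with each endpoint unnoticed, while integrity protection on the signaling path makes the endpoints reject the swap. The group parameters, the HMAC key standing in for an authenticated (TLS) signaling channel, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy parameters (assumption, illustration only): far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 3            # base for the exchange

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(auth_key, pub):
    # Models integrity protection that an authenticated signaling channel adds.
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def negotiate(relay_substitutes, auth_key=None):
    """One key exchange between endpoints A and B through a relay.

    relay_substitutes: the relay replaces each public value with its own.
    auth_key: if set, both endpoints tag and verify the public values.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()          # the relay's own key pair
    a_msg = (a_pub, tag(auth_key, a_pub) if auth_key else None)
    b_msg = (b_pub, tag(auth_key, b_pub) if auth_key else None)
    if relay_substitutes:
        # Without auth_key the relay cannot make a valid tag for its value.
        to_b, to_a = (m_pub, a_msg[1]), (m_pub, b_msg[1])
    else:
        to_b, to_a = a_msg, b_msg
    if auth_key:
        for pub, t in (to_a, to_b):
            if not hmac.compare_digest(t, tag(auth_key, pub)):
                return {"accepted": False, "endpoints_agree": False,
                        "relay_reads_media": False}
    ka = session_key(a_priv, to_a[0])  # key A will encrypt media with
    kb = session_key(b_priv, to_b[0])  # key B will encrypt media with
    relay_keys = {session_key(m_priv, a_pub), session_key(m_priv, b_pub)}
    return {"accepted": True, "endpoints_agree": ka == kb,
            "relay_reads_media": {ka, kb} <= relay_keys}
```

In the unprotected case both endpoints accept the exchange even though they hold different keys, which is why the substitution goes unnoticed unless the relay stops re-encrypting between them.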