NYU Accidentally Exposed Secret NSA Encryption Cracking Project

A secret super computing project to crack encrypted data that is being run by New York University (NYU), IBM, and the Department of Defense was recently revealed to the public, but not intentionally. The project, known as WindsorGreen, was revealed when the software and hundreds of pages of documents detailing the project were stored on a backup hard drive that was accidentally shared on the public internet. It is extremely probable that WindsorGreen was designed for use by the NSA. WindsorGreen is the successor to the password cracking software known as WindsorBlue. The existence of WindsorBlue was revealed in NSA documents leaked by former NSA contractor and whistleblower Edward Snowden.

The existence of WindsorGreen was discovered by a computer security researcher who wishes to remain anonymous. “The fact that this software, these spec sheets, and all the manuals to go with it were sitting out in the open for anyone to copy is just simply mind blowing,” the anonymous computer security researcher told The Intercept. The anonymous computer security researcher found the NYU server that was hosting WindsorGreen, and the documents related to it, using the Shodan search engine. None of the WindsorGreen files were password protected. Documents found on the NYU server about the project dated from 2005 to 2012, with a note that the project would be reviewed in 2013. According to the documents, the earliest the program would be operational would have been in 2014. The documents stated that they were only to be shared with US government agencies.

Both WindsorGreen and WindsorBlue run on specialized hardware built by IBM that uses ASIC microchips. ASIC stands for Application-Specific Integrated Circuit, which are microchips that are custom made for a single specific use. ASICs are often used to mine Bitcoin and similar cryptocurrencies. ASICs are not very good for general purpose computing, but are able to do the single task they are made for much better than regular processors can. In the case of the Windsor programs, the ASICs are used to crack encrypted data and passwords.

WindsorGreen is speculated to run on exascale supercomputers. Exascale supercomputers can perform a billion billion calculations per second. President Obama signed an Executive Order in July of 2015 which created the National Strategic Computing Initiative, an initiative which sought to accelerate the development of exascale supercomputers. According to the documents on the NYU server, the hardware which would run WindsorGreen would be able to vastly outperform all of the world’s current fastest known supercomputers at cracking cryptography.

WindsorBlue technology has been shared with other countries in the Nine Eyes intelligence alliance. Norway is one of the Nine Eyes countries that has acquired supercomputer technology derived from WindsorBlue, called SteelWinter. The NSA advised the Norwegian Intelligence Service on how to build such a supercomputer and helped them to develop decryption software for it. According to the leaked memo from Edward Snowden, the Norwegian government spent the equivalent of $100 million US dollars over a period of five years on building their SteelWinter program. The United Kingdom’s GCHQ, which is part of the more exclusive Five Eyes intelligence alliance, had also considered purchasing a WindsorBlue system to help the agency crack passwords. While the US government is comfortable with sharing WindsorBlue technology with certain allies, because of the mistake at NYU, the even more advanced WindsorGreen may have been unknowingly shared with countries such as China and Russia.

Aside from cracking passwords and encryption, WindsorGreen could also possibly be used to forge digital signatures. Forged signatures could be used to get a target to install malware by faking an update to an app. The vast computing power the NSA has developed still is likely not enough to break encryption which uses long keys and passwords. However, the NSA and IBM are continuing to try to develop a working quantum computer, which would much more easily crack most well encrypted data. When that day comes, quantum-proof cryptography will be waiting to defend users against those who seek to crack their encrypted data with quantum computers.