They all do, and in most of them there are obvious errors in processes or rights assignments. It is pretty rare to come across a company that takes the threat from within seriously. That's the whole reason Snowden could do what he did and if the NSA gets it wrong then there is a fair chance that your average corporation has faults as well.
"""
For commonly used 1024-bit keys, it would take about a year and cost a "few hundred million dollars" to crack just one of the extremely large prime numbers that form the starting point of a Diffie-Hellman negotiation. But it turns out that only a few primes are commonly used, putting the price well within the NSA's $11 billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities."
"""
My understanding is that they record encrypted traffic too. They can't read any of it - yet.
But they're betting one day either a security vulnerability will be discovered, or computers will be fast enough to attack the encryption and allow them to read the data. So even though it's unreadable today, it might be in 10 years.
Even 5EB would be a stretch for 2013. 5ZB is flat-out impossible. As another poster points out, that's years' worth of total worldwide drive shipments (most sources put it at less than 1ZB in 2013). Large buyers are further constrained by the fact that their demand can cause price spikes even at much lower percentages of the total. Not even No Such Agency has that kind of budget. The Utah facility also isn't physically big enough for that figure to hold. I work on large storage systems at one of those large buyers, and I've toured one of the several data centers where ours live. NSA's Utah data center looks to be on approximately the same scale, not orders of magnitude bigger. It's further plagued by power problems, which is another constraint on total size.
So I looked into that quote from the NSA director. What was actually said, apparently, was that the center was designed to hold up to 5ZB, not that it actually did. That seems to be a design based on some extremely optimistic assumptions about future drive density, power consumption, and cost. Needless to say, those assumptions were a bit silly at the time and have only seemed more so in retrospect.
For platter or SSD drives, sure. Some forms of magnetic tape storage can get up to 300 TB per cartridge though, which can scale up to petabytes in the right config.
Still ridiculous for information that is worth less and less over time.
Do you have a source for that 100 million figure? It strikes me as awfully low considering how many personal computers must surely exist in the world and how often they'd be replaced without reusing the drives, not even factoring in servers.
I remember hearing a speech by a quantum computing researcher that was primarily funded by the NSA. He included an anecdote about how “they would prefer quantum computing didn’t exist, but if it’s going to exist - they want the first one”.
Not even limited to 'the government'. Improperly sanitized network gear shows up in second-hand markets all around the world. Happened at a former employer of mine and a 'finder' attempted to extort us over it. VPN PSKs on the equipment were still in use in the field (no PFS either, so years of captured content could ostensibly have been decrypted).
Even equipment that appears to have been cleared out is probably hiding secrets in flash. The vendor of the equipment in this case had a separate command to wipe file contents. Deleting files just unlinked them in the flash fs.
Yep, I personally bought a Cisco firewall off of eBay several years ago that still had its entire configuration on it, including the PSKs for several IPSec VPN connections as well as SNMP (v2) communities, weak "type 7" hashes for local user accounts, the shared secrets for a pair of RADIUS servers, and so on.
Pretty much all of them (with the exception of the VPN PSKs) were sufficiently "generic" enough that I was convinced that they weren't device-specific, i.e., they were probably shared across many such devices.
According to the login banner, the firewall came from a casino.
I'm certain that my experience was not a unique one.
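A pre-disposal check for the kinds of secrets listed in the comment above, as an added example that is not part of the original thread: it scans IOS-style configs for those secret-bearing lines and reports which secrets appear on more than one device, since those must be rotated fleet-wide when any one unit leaves custody. The line patterns, function names and sample configs are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Assumed IOS-style line patterns for the secret kinds named in the comment above.
# The first matching rule wins; group 1 is the secret value.
RULES = [
    ("type7-password", re.compile(r"\b(?:password|secret|key) 7 (\S+)")),
    ("vpn-psk", re.compile(r"^\s*crypto isakmp key (\S+) address ")),
    ("snmp-community", re.compile(r"^\s*snmp-server community (\S+)")),
    ("radius-secret", re.compile(r"^\s*radius-server (?:host \S+ )?key (\S+)")),
]

def fingerprint(secret):
    """Short hash so reports can correlate secrets without printing them."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def audit(config):
    """Return (line_no, kind, fingerprint) for each secret-bearing line."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        for kind, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((no, kind, fingerprint(m.group(1))))
                break
    return findings

def shared_across(configs):
    """Map (kind, fingerprint) -> sorted device names, for secrets on 2+ devices."""
    seen = defaultdict(set)
    for device, text in configs.items():
        for _, kind, fp in audit(text):
            seen[(kind, fp)].add(device)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample configs (not from any real device).
FW_A = """hostname fw-a
username admin password 7 0822455D0A16
snmp-server community examplecomm RO
radius-server key ExampleRadius1
crypto isakmp key SiteA-Psk-Example address 192.0.2.10
"""
FW_B = """hostname fw-b
username admin password 7 0822455D0A16
snmp-server community examplecomm RO
radius-server key ExampleRadius1
crypto isakmp key SiteB-Psk-Example address 192.0.2.20
"""
```

Calling `shared_across({"fw-a": FW_A, "fw-b": FW_B})` on the constructed pair flags the local password, SNMP community and RADIUS secret as shared, while the per-site VPN PSKs are not.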
This is a claim that has been made about the Total Information Awareness program, its offshoots and, specifically, the NSA's big datacenter that was in the news some years ago: that one of the things the NSA are doing is collecting all the data they can in the hope they can make sense of it later, even if they can't now.