NYU Left A Secret Encryption-Busting Computer Project Exposed On The Internet By Mistake

For illustrative purposes, above is the Titan Cray XK7,  nation’s most powerful supercomputer for open science at the The Oak Ridge Leadership Computing Facility
For illustrative purposes, above is the Titan Cray XK7, nation’s most powerful supercomputer for open science at the The Oak Ridge Leadership Computing Facility

It’s pretty rare for the public to know what America’s intelligence and military agencies are working on, because they do everything in their power to keep it secret. Obviously. But, for reasons unknown, a server at New York University’s Institute for Mathematics and Advanced Supercomputing left exposed confidential information on a highly-advanced code-breaking computer named WindsorGreen, The Intercept reported.


Adam, an American digital security researcher, stumbled upon it while engaging in his hobby of “looking for things that are on the internet that shouldn’t be.”

Basically, one of the world’s most powerful encryption-busting projects was available for every average Joe and Jane to see. For those of us who use WhatsApp, Signal and online banking, encryption is our primary projection against hacking. But the NSA is always looking go around encryption by finding programming flaws in apps or improperly configured devices. Advanced systems like WindsorGreen are built to do just that with unheard-of levels of complexity:

The documents, replete with intricate processor diagrams, lengthy mathematical proofs, and other exhaustive technical schematics, are dated from 2005 to 2012, when WindsorGreen appears to have been in development. Some documents are clearly marked as drafts, with notes that they were to be reviewed again in 2013. Project progress estimates suggest the computer wouldn’t have been ready for use until 2014 at the earliest. All of the documents appear to be proprietary to IBM and not classified by any government agency, although some are stamped with the aforementioned warnings restricting distribution to within the U.S. government. 

As The Intercept reports, the supercomputing initiative, administered by NYU, the Department of Defense, and IBM, was available to the world before the Adam notified NYU. Adam, who declined to provide his full name, said he didn’t have to breach any of NYU’s security because there wasn’t a single password or username that protected the hundreds of pages that were marked with “DISTRIBUTION LIMITED TO U.S. GOVERNMENT AGENCIES ONLY,” “REQUESTS FOR THIS DOCUMENT MUST BE REFERRED TO AND APPROVED BY THE DOD,”and “IBM Confidential.”

An NYU spokesperson told The Intercept their none of their security systems were breached, which is technically correct, but the documents had no password or firewall protection, so anyone could just take them at will with no resistance.

For folks in the encryption world, nothing like WindsorGreen has ever been seen before:

Experts who reviewed the IBM documents said WindsorGreen possesses substantially greater computing power than WindsorBlue, making it particularly adept at compromising encryption and passwords. In an overview of WindsorGreen, the computer is described as a “redesign” centered around an improved version of its processor, known as an “application specific integrated circuit,” or ASIC, a type of chip built to do one task, like mining bitcoin, extremely well, as opposed to being relatively good at accomplishing the wide range of tasks that, say, a typical MacBook would handle. One of the upgrades was to switch the processor to smaller transistors, allowing more circuitry to be crammed into the same area, a change quantified by measuring the reduction in nanometers (nm) between certain chip features.


Head on over to The Intercept to read the whole thing. It’s worth it.

Terrell Jermaine Starr is a senior reporter at The Root. He is currently writing a book proposal that analyzes US-Russia relations from a black perspective.



Why do they have to specify “advanced” supercomputing? Are there Institutes of Average Supercomputing? Or Institutes of Remedial Supercomputing? Isn’t it all pretty advanced?