Published on Wednesday, October 30, 2013 by Common Dreams
Without their knowledge or permission, the National Security Agency has broken into the global data centers of Yahoo! and Google, the Washington Post is reporting on Wednesday.
In a report that terms the specific NSA surveillance program as "unusually aggressive," the newspaper claims that leaked documents provided by whistleblower Edward Snowden show how the operation, codenamed MUSCULAR, allowed the agency to access the "cloud networks" of the two internet giants and "collect at will from among hundreds of millions of user accounts, many of them belonging to Americans."
Two engineers with close ties to Google exploded in profanity when they saw the leaked drawing from the NSA: “I hope you publish this,” one of them said.
"The NSA does not keep everything it collects," the Post reports, "but it keeps a lot."
Though the stream of information generated by the Snowden leaks seems endless, these latest revelations come amid growing concern both in the U.S. and abroad about the unrivaled power of the NSA when it comes to accessing information that was otherwise thought protected.
In this case, it is the internet giants themselves who seem most caught off guard over the revelations. Since the Snowden leaks first began, these companies (along with others) have been criticized for allowing the NSA specific kinds of access to their customer data. As the Post reports, however, disclosure of the MUSCULAR program becomes "especially striking,"
because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.When asked by the Post if they were aware of the program, both Yahoo! and Google adamantly said they did not know and expressed deep concern—anger, in fact—that the NSA had possibly infiltrated their private, highly secure, "cloud" networks.
The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies.
As the Post explains:
In order for the data centers to operate effectively, they synchronize high volumes of information about account holders. Yahoo’s internal network, for example, sometimes transmits entire e-mail archives — years of messages and attachments — from one data center to another.Whether those in the outraged public will find sympathy with the likes of Google and Yahoo!, the exposure of MUSCULAR shows the degree to which online data—even that which was thought to be more secure—is susceptible to the reach of the NSA.
Tapping the Google and Yahoo clouds allows the NSA to intercept communications in real time and to take “a retrospective look at target activity,” according to one internal NSA document.
In order to obtain free access to data center traffic, the NSA had to circumvent gold standard security measures. Google “goes to great lengths to protect the data and intellectual property in these centers,” according to one of the company’s blog posts, with tightly audited access controls, heat sensitive cameras, round-the-clock guards and biometric verification of identities.
Google and Yahoo also pay for premium data links, designed to be faster, more reliable and more secure. In recent years, each of them is said to have bought or leased thousands of miles of fiber optic cables for their own exclusive use. They had reason to think, insiders said, that their private, internal networks were safe from prying eyes.
In an NSA presentation slide on “Google Cloud Exploitation,” however, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data resides. In hand-printed letters, the drawing notes that encryption is “added and removed here!” The artist adds a smiley face, a cheeky celebration of victory over Google security.
Two engineers with close ties to Google exploded in profanity when they saw the drawing. “I hope you publish this,” one of them said.
One of the other key takeaways from the Post reporting is how this particular program seemed to target communication hubs and data centers located outside of the U.S., showing that legal requirements, though clearly not effective overall, certainly have an impact on the manner in which the NSA operates. Again, from the report:
Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.
Outside U.S. territory, statutory restrictions on surveillance seldom apply and the Foreign Intelligence Surveillance Court has no jurisdiction. Senate Intelligence Committee Chairwoman Dianne Feinstein has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333 , which defines the basic powers and responsibilities of the intelligence agencies.
John Schindler, a former NSA chief analyst and frequent defender who teaches at the Naval War College, said it was obvious why the agency would prefer to avoid restrictions where it can.
“Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” he said. “It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA.”
___________________________________________
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License
..........
Snowden leak: NSA secretly accessed Yahoo, Google data centers to collect information
Despite having front-door access to communications transmitted across the biggest Internet companies on Earth, the National Security Agency has been secretly tapping into the two largest online entities in the world, new leaked documents reveal.
Those documents, supplied by former NSA contractor Edward Snowden and obtained by the Washington Post, suggest that the US intelligence agency and its British counterpart have compromised data passed through the computers of Google and Yahoo, the two biggest companies in the world with regards to overall Internet traffic, and in turn allowed those country’s governments and likely their allies access to hundreds of millions of user accounts from individuals around the world.
“From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants,” the Post’s Barton Gellman and Ashkan Soltani reported on Wednesday.
The document providing evidence of such was among the trove of files supplied by Mr. Snowden and is dated January 9, 2013, making it among the most recent top-secret files attributed to the 30-year-old whistleblower.
Gen. Keith Alexander, the head of the NSA, told reporters Wednesday afternoon, "I don't know what the report is," according to Politico, and said his agency is "not authorized" to tap into Silicon Valley companies. When asked if the NSA tapped into the data centers, Alexander said, "Not to my knowledge."
According to the latest leak, the NSA and Britain’s Government Communications Headquarters are conducting similar operations targeting the users of at least two of these companies, although this time under utmost secrecy.
“The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process,” the Post noted.
And while top-brass in the US intelligence community defended PRISM and said it did not target American Internet users, the newest program — codenamed MUSCULAR — sweeps up data pertaining to the accounts of many Americans, the Post acknowledged.
The MUSCULAR program, according to Wednesday’s leak, involves a process in which the NSA and GCHQ intercept communications overseas, where lax restrictions and oversight allow the agencies access to intelligence with ease.
“NSA documents about the effort refer directly to ‘full take,’ ‘bulk access’ and ‘high volume’ operations on Yahoo and Google networks,” the Post reported. “Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.”
Read More Here
..........
Citing documents obtained from former NSA contractor Edward Snowden and interviews with officials, the Washington Post claimed the agency could collect information "at will" from among hundreds of millions of user accounts.
The documents suggest that the NSA, in partnership with its British counterpart GCHQ, is copying large amounts of data as it flows across fiber-optic cables that carry information between the worldwide data centers of the Silicon Valley giants.
The story is likely to put further strain on the already difficult relations between the tech firms and Washington. The internet giants are furious about the damage done to their reputation in the wake of Snowden's revelations.
In a statement, Google's chief legal officer, David Drummond, said the company was "outraged" by the latest revelations.
"We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide," he said.
"We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform."
Yahoo said: "We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency."
According to a top-secret document cited by the Post dated 9 January 2013, millions of records a day are sent from Yahoo and Google internal networks to NSA data warehouses at the agency's headquarters in Fort Meade, Maryland. The types of information sent ranged from "metadata", indicating who sent or received emails, the subject line and where and when, to content such as text, audio and video.
The Post's documents state that in the preceding 30 days, field collectors had processed and sent on 181,280,466 new records.
Internet firms go to great lengths to protect their data. But the NSA documents published by the Post appear to boast about their ability to circumvent those protections. In one presentation slide on "Google Cloud Exploitation," published by the Post, an artist has added a smiley face, in apparent celebration of the NSA's victory over Google security systems.
Read More Here
..........
NSA intercepts Google, Yahoo traffic overseas: report
SAN FRANCISCO |
(Reuters) - The National Security Agency has tapped directly into communications links used by Google
and Yahoo to move huge amounts of email and other user information
among overseas data centers, the Washington Post reported on Wednesday.
It was unclear how the NSA accessed the links.The report, based on secret NSA documents leaked by former contractor Edward Snowden, appears to show that the agency has used weak restrictions on its overseas activities to exploit even major U.S. companies' data to a far greater extent than previously realized.
Previously reported programs included those that allowed easy searches of Google's, Yahoo's and other Internet giants' material based on court orders. But because the interception in the newly disclosed effort, code named MUSCULAR, occurs outside the United States, there is no oversight by the secret intelligence court.
Google, which recently said it is speeding its efforts to encrypt internal traffic, told Reuters: "We're troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity."
Read More Here
..........
No comments:
Post a Comment
Hello and thank you for visiting my blog. Please share your thoughts and leave a comment :)