(Source: Gabe Clogston)
NSA was intercepting massive amounts of data, using it, in part, to spy on Americans

On Wednesday a slide -- Entitled "Google Cloud Exploitation" -- from Obama administration's U.S. National Security Agency (NSA) leaked, revealing how agents were using cybercriminal tactics to spy on American citizens and law abiding foreigners in ally nations, alike. The NSA is working on this network penetration effort -- dubbed MUSCULAR -- with the help of the UK Government Communications Headquarters (GCHQ), England's NSA equivalent, with whom it shares Americans' sensitive data.

I. The Leak Heard Round the World

A hand drawn sketch by NSA engineers cheekily depicts the public internet feeding into (GFE) Google Front-End (GFE), with a handwritten "joke" point to GFE with the text "SSL (encryption) added and removed here!"


The move has Google -- a top donor to President Obama's 2008 and 2012 election efforts -- feeling betrayed.  Google engineers contacted by The Washington Post "exploded in profanity" when being shown the document and commented, "I hope you publish this."

And publish the post did, creating another firestorm of public -- and this time corporate -- outcry.

NSA spying taxpayers
PRISM -- an NSA effort to spy on American citizens and U.S. allies -- gets much of its data from the secret "MUSCULAR" effort. [Image Source: The People's Cube]
It appears that MUSCULAR uses one or more highly controversial methods.  First, some are suggesting that the NSA may directly hack into Google Inc. (GOOG) or Yahoo! Inc. (YHOO) servers.  While unlikely, it's within the realm of fathomable possibilities, given what we've learned in recent months.

NSA Director Gen. Keith Alexander, for what it's worth, directly denied this possibility, stating:

[We] never [hacked into Google servers]. In fact, there was this allegation last June that NSA was tapping into the servers of Yahoo or Google or our industry reps. That is factually incorrect. The servers and everything that we do with those, those companies work with us. They are compelled to work with us.

And a Yahoo spokesperson told the post:

We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.

So how is the NSA getting its data?

II. Digital Pirates of the High Seas -- How the NSA is Looting Americans Data

More likely, according to an All Things D post by Arik Hesseldahl and The Washington Post piece, the NSA is hacking into undersea fiber optic cables.  In 2001 The Wall Street Journal reported that the USS Jimmy Carter -- a nuclear submarine -- had been outfitted with equipment to siphon signals off of fiber optic cables for NSA "fibertap" efforts.  The U.S. government has also reportedly examined putting direct interception devices into points where the light-based signals are boosted and rebroadcast, in remote mid-ocean locations along the conduit.

fiber cablesUndersea cable
Cables like this ferry your data across the deep depths of the ocean. [Image Source: Unknown (left); AFP (right)]

Eric Grosse, vice president for security engineering at Google, acknowledged that data is often rebroadcast as unencrypted copies along data centers for economic reasons.  This is standard practice for most companies as tapping fiber optic signals without anybody knowing is extremely hard in practice -- particularly when your conduit is underground or at the bottom of the sea.  In practice, the technical hurdles have meant that only a government player could consider such a tactic -- although it was unclear until now whether they had.

The NSA more or less acknowledged that it was somehow getting unencrypted versions of U.S. internet firms encrpyted data -- without them being aware -- writing in response to the reports:

NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true. The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true. NSA applies attorney general-approved processes to protect the privacy of U.S. persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination. NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.

There was a rash of cable cutting 2008, affecting five cables in and around the Middle East.  DailyTech reported on the first pair of cut undersea cables on January 31, the report of the third cable cut came in on February 4; the fourth cut cable was announced on February 5 with the final report of a cut cable coming in on February 6.  It was later revealed two of the five cable failures were due to faulty power supplies, and not physically severed cables

At the time any report that an international government might be involved was viewed as conspiracy theory.  However, given what we know now -- plus the fact that undersea cables are shield to withstand thousands of pounds of force, which the high-pressure ocean depths exert -- these incidents should certain be looked at in a new light.

Here's an infographic from The Washington Post that hints at such a possibility:

NSA hacking

As the above graphic suggests, cable tapping is a far bigger ethical issue than it appears on the surface, as these cables don't solely contain foreigners’ data.  Many companies -- including Yahoo, Google, and Facebook, Inc. (FB) shuffle American consumers data across various points in their global data center network -- a practice that plays nicely into the NSA's unspoken ambition to spy on American citizens.  This data shuffling is done partially from a resources perspective, and partially so that American citizens can enjoy stead access to their favorite services when they travel overseas for business or pleasure.

Google sign
Google say it's in a constant battle with the U.S. gov't to keep consumers data private.
[Image Source: Triple Helix Online]

Google is now working to add encryption to some of data links, but this will require significant time and investment.  Mr. Grosse told The Washington Post, "It’s an arms race.  We see these government agencies as among the most skilled players in this game."

III. Facebook, Google, Microsoft, Apple, AOL, and Yahoo! Back Bill to End NSA Spying on Americans

Now Facebook, Google, Yahoo!, and AOL, Inc. (AOL) have written a letter to the Senate protesting this collection.  Somewhat unexpectantly Microsoft Corp. (MSFT) and Apple, Inc. (AAPL) joined the effort.  While typically top legal rivals to Google, this pair appears united with Google in its opposition of NSA spying.

USA Freedom Act Letter 10-31-13.pdf

The letter is addressed to Sens. Michael S. Lee (R-Utah) and Patrick Leahy (D-Verm.) who co-sponsored the "USA Freedom Act of 2013".  In a post on the bill's introduction, Sen. Leahy argued that the intelligency agencies failed to demonstrate that the programs to spy on Americans and law abiding citizens of ally states produced any real benefits in fighting terrorism, over traditional lawful methods.

NSA Director, Gen. Alexander in a recent Senate hearing retracted his previous assertion that the monitoring efforts had stopped 54 assasination attempts or terrorist plots, saying that he believed they "possibly" stopped two.  But he was unable to produce any evidence -- on the record -- that these plots would not have been discovered and stopped without spying on Americans.

General Keith Alexander
Gen. Keith Alexander is viewed by critics as a naive, power-hungry proponent of Orwellian spying. [Image Source: DefenseTech]

In other words, despite having months to argue its case, the record shows that the NSA so far has completely failed to show that its sweeping programs of spying on Americans and citizens of ally nations has accomplished anything other than to erode civil liberties and funnel American taxpayers' money into the pockets of special interest donors.

Some view Gen. Alexander's "retirement" as the NSA director "taking the fall" for President Obama.  Critics believe that the move is designed to distract the public that spying is ongoing -- before or after Gen. Alexander's reign at the NSA.

He also noted that the Obama administration's own FISA court -- the special "spy court" that grants blanket data collection approvals for "counterterrorism" purposes, noted "system noncompliance" with the laws, as agencies like the NSA opted to spy on Americans without any sort of court permission -- regardless of whether that action broke the laws of the nation.

NSA spying
The NSA argues it has to break the law sometimes to perform its duties.
[Image Source: Activist Post]

Sen. Leahy in a comment on the undersea cable data grab revelations posted:

I am deeply concerned by reports that the NSA is breaking into the overseas communications links between data centers operated by U.S. companies.  If the reports are true, this infiltration could be sweeping in the communications of millions of Americans who use the services of these two U.S. companies every day.  I have asked the administration for a briefing on this matter.  I will be asking whether this report is accurate, what legal authority the government is using, and how they are protecting the privacy rights of law-abiding Americans.

But not all are on his side of the debate.

IV. Amazon Stays Silently Supportive of NSA; Oracle Vocally Attacks Google and Other Critics Saying Spying is "Absolutely Necessary"

With some members of Congress opposed to USA Freedom -- both the bill, and the notion in general -- they're finding some support in the tech community as well. (AMZN) a top provider of cloud computing services is rumored to have a deep relationship with the NSA, and possibly even be assisting in its cloud computing efforts.  Notably Amazon was the only major cloud service provider not listed in the leaked program slides from the NSA, suggesting the agency has a unique relationship with it.

Amazon recently scored a $600M USD contract to build a massive data center for the U.S. Central Intelligence Agency (CIA), which could also be shared with other intelligence data collection efforts -- including the NSA's.

Payroll tax cut
Some companies have lobbied to increase spying, a potential paycheck. [Image Source: CNBC]

And Oracle Corp. (ORCL) -- a high tech firm that basically started as a CIA contractor -- is taking things a step farther than Amazon's "support by silence" approach, vocally cheering the NSA's efforts to spy on Americans.

The database firm, which reportedly holds a number of contracts with the NSA and other intelligence agencies totalling billions, has gone to bat for its spying partner. CEO Larry Ellison said in an interview that spying on Americans was "absolutely necessary" and that he saw no harm in the government spying on U.S. citizens as long as the ruling regime did not use that information to crack down on its dissidents.

Larry Ellison
Oracle CEO Larry Ellison approves of the NSA spying on Americans[Image Source: Getty Images]

Amazon and Oracle's apparent support of NSA spying stands in stark contrast to Microsoft -- despite the fact that Microsoft is also a top provider of cloud services.  One key factor may be that Microsoft's Azure service has reportedly been scorned by intelligence agencies, which prefer to host their data with(and by proxy shower with taxpayer dollars) Amazon and/or Oracle.

Oracle and Amazon cumalitively paid off members of Congress to the tune of $2M USD in Q3 2012 alone.

                                      For Amazon a spy state means more profit. [Image Source: AP]

Thus while the issue of spying has for the most part unilaterally filled American citizens with disgust -- it has divided Silicon Valley, much like it has decided Congress.  Some feel the costs are not worth, it while other salivate that tens, if not hundreds of billions to be made if every man, woman, and child in America and overseas is digitally spied on American taxpayers tab.

Sources: The Washington Post, Letter from Google, USA Freedom Act of 2013, All Things D

"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard

Latest Blog Posts
T-Mobile Data Problems
Saimin Nidarson - Oct 20, 2016, 10:17 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki