Ten Things We've Learned About The NSA From A Summer Of Snowden Leaks

Document Sample
Ten Things We've Learned About The NSA From A Summer Of Snowden Leaks Powered By Docstoc
					Ten Things We've Learned About The NSA
From A Summer Of Snowden Leaks
Andy Greenberg,
Sep 9 2013

 “The truth is coming, and it cannot be
stopped,” Edward Snowden told readers of
the Guardian in June. At the time, just a few
weeks into the publication of documents that
the 30-year-old former National Security
Agency contractor had siphoned from his
workstation in Hawaii, that prophetic
statement might have seemed like
grandstanding. But close to three months
later, the collection of Snowden’s revelations
has grown to the megaleak proportions of
WikiLeaks’ Cablegate or Daniel Ellsberg’s
Pentagon Papers, with no end in sight. For
those who watch the watchers, Snowden may
well have become the most important leaker
of the 21st century.
Snowden himself has managed to take refuge in
Russia and disappear from the headlines,
putting the full spotlight back onto his
bombshell documents. But as with all megaleaks, the sheer number of scoops he’s enabled threatens to
overwhelm anyone tracking the NSA’s still-growing scandal. Here are a few highlights from what
we’ve learned so far in the Summer of Snowden.
    • For more than a decade, the NSA has been working to systematically influence encryption
      standards or insert backdoors in the code of commercial encryption software to enable it
      to access Internet users’ communications, according to documents Snowden leaked to the
      Guardian, which were shared with the New York Times and Pro Publica. Though the published
      documents lack many details, the protocols the agency may have the ability to break or
      circumvent include Web encryption such as Secure Sockets Layer and Transport Security Layer,
      the Internet protocol encryption and authentication technology IPsec, common virtual private
      network systems used for anonymity and secure remote access, and Voice-Over-Internet-
      Protocol. (VoIP) The backdoor-planting projects, known as “Bullrun” in the United States and
      “Edgehill” within the NSA’s British equivalent the GCHQ, have made “vast amounts of
      encrypted Internet data…exploitable,” according to one leaked document.
    • The German newsweekly Der Spiegel wrote over the weekend that it had obtained NSA
      documents revealing that the agency has the ability to access a wide range of information
      stored on smartphones including iPhones, Blackberrys, and those running Google’s
      Android operating system. That information includes contacts, text message traffic, and
      location data–the paper alludes to the NSA’s compromise of “38 iPhone features.” Despite
      losing access to Blackberry’s messaging systems in 2009 after a change in how the company
                                               compressed data, the agency noted in a document
                                               that a breakthrough allowed it to regain access in
                                            • Snowden-leaked documents obtained and partially
                                               published by the Washington Post revealed the
                                               makeup of the so-called Black Budget, the $52.6
                                               billion of government funding spent on classified
                                               programs. The budget showed that the NSA received
                                               $10.8 billion for the year 2013, second only to the
                                               CIA’s $14.7 billion. The budget confirmed that the
                                               NSA employs an elite hacking team it calls Tailored
                                               Access Operations, revealed the agency’s focus on
                                               hacking network routers and switches rather than
                                               servers and PCs, and exposed a program to combat
                                               “insider threats” by investigating 4,000 employees,
  which was (ironically) shelved to focus on reacting to WikiLeaks’ disclosures in 2010. The
  budget also outlined how much telecom firms are paid for their cooperation with the NSA’s
• Newly-revealed surveillance targets for the NSA, according to various Snowden leaks,
  include the presidents of U.S.-friendly countries such as Brazil and Mexico, international
  organizations like the U.N. and E.U.–going so far as to bug embassies and hack the U.N.’s
  video conferencing systems–and Al Jazeera, the first revelation that the NSA has surveilled
  journalists. Earlier leaks, published by the Guardian, included a program that mapped out the
  frequency of NSA’s surveillance by country, showing a focus on the Middle East but also
  including American targets. Another document confirmed that President Obama has asked the
  NSA to draw up a list of potential cyberattack targets, including ones that could potentially
  disable enemy infrastructure.
• Internal audit documents from the NSA, obtained by the Washington Post, show that the
  agency found 2,776 incidents in which its staff had broken its own rules governing
  surveillance in the year leading up to May 2012. In one case, a surveillance operation continued
  for three months before the Foreign Intelligence Surveillance Court, which is designed to
  oversee the agency, first heard about it and ruled it unconstitutional. In another comic example,
  analysts collected phone calls from the Washington area because its “202″ area code was
  confused with Egypt’s country code, “20.”
• Even when the NSA follows its internal rules, it’s offered a surprising number of regulatory
  loopholes. A document
  published by the
  Guardian showed that the NSA
  makes broad exceptions to its
  mission of only spying on
  foreign targets. That includes
  collecting and storing
  information on Americans
  when it’s judged to contain
  “significant foreign intelligence”
  information, information about a
  crime that has been or may be
  about to be committed, is related
    to “the unauthorized disclosure of national security information,” or is involved in assessing “a
    communications security vulnerability.” In another exception, any encrypted data can also be
    held long enough to crack it.
•   Documents given to the Guardian revealed that the NSA helps to fund the spying operations
    of Britain’s GCHQ, in part to take advantage of the U.K.’s more relaxed regulations of its
    intelligence sector. Over three years, the NSA gave more than $150 million to British
    intelligence services, and 60% of GCHQ’s “refined intelligence” also reportedly came from the
    NSA’s analysis.
•   Other documents focusing on GCHQ and published by the Guardian showed that the British
    intelligence service has the ability to tap transatlantic fiberoptic cables for raw Internet
    data, much of which is shared with the NSA.
•   In a slideshow first published in part by the Washington Post, a program known as
    PRISM reportedly allowed direct access to the servers of companies including Google,
    Apple, Facebook, Microsoft, and others. Most of the companies implicated in PRISM denied
    any such access, but several, including Apple and Facebook, responded by offering details for
    the first time about how often they cooperate with surveillance requests from the NSA and from
    law enforcement.
•   The Guardian kicked off the Snowden saga in June with an order sent to Verizon on behalf of
    the NSA demanding the cell phone records of all of Verizon Business Network Services’
    American customers for a three month period. The order, which dealt with only those users’
    metadata,specifically requested Americans’ records. In the following days, Senators Saxby
    Chambliss and Diane Feinstein publicly stated that similar orders have been issued to telecoms
    for the last seven years.


Description: “The truth is coming, and it cannot be stopped,” Edward Snowden told readers of the Guardian in June.