The US National Security Agency (NSA), in collaboration with the UK government’s listening station GCHQ, has secretly broken into the main communications links that connect Yahoo and Google data centres around the world, according to interviews with knowledgeable officials and documents obtained from former NSA contractor Edward Snowden.
By tapping those links, the agency can collect at will from among hundreds of millions of user accounts. The NSA does not keep everything it collects, but it keeps a lot.
According to a top-secret document dated 9 January 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records, ranging from “metadata”, which indicates who sent or received emails and when, to content such as text, audio and video.
The NSA’s principal tool to exploit the data links is a project called Muscular, operated jointly with GCHQ. From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fibre-optic cables that carry information between the Silicon Valley giants.
The infiltration is striking because the NSA, under a separate programme known as Prism, has front-door access to Google and Yahoo user accounts through a court-approved process.
The Muscular project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency has a wide range of tools for high-tech spying, but it has not been known to use them routinely against US companies.
White House officials and the Office of the Director of National Intelligence, which oversees the NSA, declined to confirm, deny or explain the agency’s infiltration of Google and Yahoo networks overseas.
In a statement, Google said it was “troubled by allegations of the government intercepting traffic between our data centres, and we are not aware of this activity”.
The company added: “We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links.”
At Yahoo, a spokeswoman said: “We have strict controls in place to protect the security of our data centres, and we have not given access to our data centres to the NSA or to any other government agency.”
Under Prism, the NSA already gathers huge volumes of online communications records by legally compelling US tech companies, including Yahoo and Google, to turn over data matching court-approved search terms.
In order to obtain free access to data centre traffic, the NSA had to circumvent gold-standard security measures. In one of its blog posts, Google says it “goes to great lengths to protect the data and intellectual property in these centres”, with tightly audited access, heat-sensitive cameras, 24-hour guards and biometric identity verification.
In an NSA presentation slide on “Google Cloud Exploitation”, however, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data resides. In hand-printed letters, the drawing notes that encryption is “added and removed here!” The artist adds a smiley face, a cheeky celebration of victory over Google security.
Two engineers with close ties to Google exploded in profanity when they saw the drawing. “I hope you publish this,” one of them said.
In 2011, when the Foreign Intelligence Surveillance Court learned that the NSA was using similar methods – on a smaller scale – to collect data streams from cables on US territory, Judge John D Bates ruled that the programme was illegal under the Foreign Intelligence Surveillance Act and inconsistent with the requirements of the Fourth Amendment.
© The Washington Post