NSA Hacks Google, You Need To See The Bigger Picture

| November 1, 2013 | 24 Replies
NSA Hacks Google, Want to See The Bigger Picture?

NSA Hacks Google, The Bigger Picture

Chris Dougherty
VirtualThreat, Contributing Writer

 

NSA Hacks Google. How could it affect you? Emails? Online searches? Think bigger…

Recently it was leaked that the National Security Agency tapped into primary overseas communication links that connect Yahoo and Google data centers around the world. According to former NSA contractor Edward Snowden, the agency has access to raw data from hundreds of millions of internet users, and many of them are Americans.

This is not the first disclosure from Snowden about NSA operations. Snowden is currently living in Russia after being granted temporary asylum following his release of other top secret NSA documents, including those about another agency surveillance program called PRISM. As expected, the U.S. Government would like to have a word with Mr. Snowden about the theft and unauthorized disclosure of that top-secret information.

According to a Washington Post article, a top-secret accounting dated January 9th 2013 provides evidence that the NSA‘s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to government data warehouses in Fort Meade, MD. In the 30 days prior to the report being released, the report states NSA analysts had processed more than 180 million records. By tapping those pipelines, the agency has access to not only the metadata, which includes information telling who sent what message and when, but analysts also have access to all of the raw data including text, audio and video.

The following slide was taken from a National Security Agency presentation on “Google Cloud Exploitation”.  It shows that while most traffic passing from internet users to Google is encrypted, the traffic passing back and forth on the networks connecting Google data centers is in an unencrypted, or “clear text” format.

NSA "Google Cloud Exploitation" Presentation

NSA “Google Cloud Exploitation” Presentation

The primary tool that the NSA uses to infiltrate the data links is called MUSCULAR. The program is operated jointly between the National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ). MUSCULAR allows the agencies to copy raw data flows across fiber-optic lines that carry information between the Google data centers.

It is important to note that this program is different than the previously disclosed PRISM program, which gathers user information from court orders.  Instead, the MUSCULAR program targets tech companies and collects user data without their knowledge.

Google’s Chief Legal Officer, David Drummond, said the following in response to the news that the National Security Agency had secretly broken into the main links connecting Google’s data centers:

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide. We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

However, in the past we have heard stories about Google cooperating with the NSA in joint operations. Last summer VirtualThreat.com posted a story about the Department of Justice asking for a court order to keep the Google and NSA partnership a secret. However, in this case it seems the search giant had no prior knowledge of the NSA’s activity.

 

In response to the allegations that the NSA had broken into Google’s network the National Security Agency released the following statement:

“NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true. The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true. NSA applies Attorney General-approved processes to protect the privacy of U.S. persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination. NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”

On October 30th, at the Bloomberg Cyber Security Conference in Washington D.C., the head of the National Security Agency, General Keith Alexander, said:

“I can tell you factually we do not have access to Google servers, Yahoo servers…We go through a court order. We issue that court order to them through the FBI. And its not millions, its thousands of those that are done. And its almost all against terrorism and other things like that. It has nothing to do with U.S. persons.”

 

The PRISM program allows the NSA to gather huge amounts of internet communications by legally compelling U.S. tech companies, including Gooogle, to cooperate with officials and turn over all data that matches court approved search queries. That program. also disclosed by Edward Snowden, is authorized under Section 702 of the FISA Amendments Act. PRISM operations are overseen by the Foreign Intelligence Surveillance Court (FISC).

It doesn’t take a rocket scientist to see the clear advantages for the NSA with regard to their decision to intercept communications using MUSCULAR and overseas access points. With less oversight and looser regulations the agency has the ability to collect data from tech giants like Google using “full take”, “bulk access” and “high volume” operations.

These large scale collection operations would be illegal in the United States, however they are taking place overseas. Here the NSA can assume that anyone with information traversing these links must in fact be a foreigner.

What Are The Implications of a Program Like MUSCULAR?

Many people are saying to themselves “Sure, but how does this affect me?”. Most people only think about Google being used for online searches and email. But did you know Google also has privately branded services that are being used by corporations, non-profit organizations and educational institutions?

For example, my own daughter uses Gmail and Google Drive for her school projects. Her school has assigned every student with a Google email address and a login for the school’s Google Drive account. Google Drive is a service where classroom documents are often stored.

In addition, a company that I worked for in the past used “Google Apps for Business” in order to provide email accounts, chat/voice/video conferencing, document storage and calendaring for its employees. By tapping primary Google data center links, the government potentially has access to all types of information.

Google has many service offerings that provide everything from internet searches and email to video conferencing and private data storage. Did you know Google recently bought Motorola Mobility and is now manufacturing mobile phones?

Google is also the creator of the Android software that runs on many mobile phones and internet tablets. Millions of individuals and organizations around the world trust Google to store their data securely away from the prying eyes of hackers and others that would use that information for their own advantage.

To get an idea of how much private information might be traveling across those Google data center links, take a look at the following info-graphic. It only shows a portion of the products offered by Google, but you quickly gain a better understanding of how much data potentially flows across the Google wires.

Google Products...more than just simple email and online searches.

Google Products…more than just simple email and online searches.

Still think the government only has access to your online search histories and email? One of the coolest/scariest things I’ve noticed recently is the facial recognition software being deployed by Google and other social networking sites like Facebook. Have you ever noticed when you upload photos of people to a site like Picaso or Facebook you are immediately prompted to tag the names of other people in the image?

Typically the software has already completed the hard work of identifying individuals for you, all you have to do is confirm the selections made by the underlying program.

Google has added the capability to instantly recognize people, places, objects and text in photographs both on the internet and on your hard drive. Don’t believe me? Watch the following video and then test it for yourself at http://images.google.com.

When you perform your tests try using photos of celebrities, politicians, TV/radio hosts, musicians, local Realtors, and so on. Let me know your results in the comments below this article.

 

 

Considering the fact that Google indexes nearly every web page and photograph on the open internet, try to imagine the vast amounts of identity information that must be traveling back and forth on some of those Google data center links. Combine that information with all of the additional data listed in the info-graphic shown earlier and you have a recipe for privacy abuse and identity theft.

Any person or agency with the keys to all of that raw data could easily build complete profiles on hundreds of millions of individual people, places, companies and organizations at will.

Remember, it all comes down to who’s holding the keys. This time it was the National Security Agency tapping into Google’s data. Next time maybe it will be a hacker group, terrorist organization, or foreign government. It really doesn’t matter who does it in the end.

What really matters is that we have evolved into a society where we voluntarily surrender this information, and our very right to privacy, to the likes of Google, the NSA and hackers from around the world.

Chris Dougherty is a grey hat hacker and online security expert. Please visit his blog, www.VirtualThreat.com, for more excellent news and information about protecting yourself in cyberspace.

This article is offered under Creative Commons license. It’s okay to republish it anywhere as long as attribution bio is included and all links remain intact.




Tags: , , , , , , , , , , ,

Category: News, Videos

Comments (24)

Trackback URL | Comments RSS Feed

  1. Solon Benjamin says:

    But, still who cares? I am 54 and could care less who spies on who… I am living like I wish to do so. I eat what I want, and work where I want. Buy what I want, go fishing, hunting, etc… This effects nobody except possible terrorists or criminals. I wish the NSA, CIA, Feds, local police etc.. would spy more and try harder to protect us all. The only ones that rant against such safety measures that the NSA and other agencies are doing, are the terrorists, criminals or conspiracy nuts.

    • Nolos says:

      Solon Benjamin – you are an ignorant fool. You would trade your anonymity for your daily porridge – which is exactly what you’ve done. You’re not bright enough to realize that personal privacy is a cornerstone of real, true freedom. It’s nobody’s business what your life involves but your own. The “trust” you exhibit is grossly misplaced as all of human history has shown. MILLIONS have died because they have been “targeted” through the collection of personal information. You need a SERIOUS education in reality and how the information being illegally collected is being used to harm business, individuals, governments and politics.

  2. SNN says:

    Sadly, your average facebook surfing yuppie has no
    clue and cannot be bothered to be concerned if you
    do explain it. Their childlike trust is…stunning.
    I guess cynics are right…when the thugs from the
    state smash down your door at 2:00 AM for some
    comment you made on facebook…then you care.

  3. Renard Moreau says:

    [ Smiles ] Let us face the facts; there is no such thing as privacy!

  4. Hunter Neilson says:

    Last year my friend and I had to do a presentation on a book we read in English. The background of the story, is we begged our teacher to allow us to read 1984 by George Orwell for the project. She was a fan of the book and so we found the resources and completed the lit circles.

    We had to present a slideshow to the class on the last day of this project. I believe most of it went way over the classes heads (keep in mind we were in Grade 9 last year) but we made our statement.

    The focus of our slide was the comparison to Google and the surveillance which occurs in 1984. There were numerous points of the book that we had to include in the slide to get a passing grade (the irony) but we wanted to show others what really is happening to technology.

    After research and completion, I was personally blown away by how much data Google collected and even sites such as Facebook as well. Months went by and my friend and I were asked many questions by our peers about our slideshow, which had been done months past when Snowden became apparent in the news.

    When PRISM was leaked we thought back to our presentation and to 1984. It is no real surprise that something as valuable to the government as Google’s databases would be targeted.

    Right now, the Grade 11’s are reading 1984 and Fahrenheit 451. I want to get my hands on 451 before they are done. Already finished the first chapter and have been meaning to pick this book up last year.

    Well, that’s my thoughts on this article. Some what related but the point is we all see this coming if we deny it or not. It’s what we do to ourselves. They are trying to control us, and we cannot let them.

  5. Anonymous says:

    Snowden is a fake, and this is all propaganda that you or anyone else can NEVER confirm. Its all distraction IMO. Do you really believe that a single (younger) agent like Snowden had access to all the information he is releasing. I call bullshit.

  6. Sweden says:

    Comment to the ‘bullshit’ statement. Well what intel do you have that it is indeed fake? Logically NSA would of course like as much info as possible to analyze. They need lots of people to analyze all that data, so no surprise he was a young agent as you call it, how many 50 year old agents have learned that high tech level as is needed you think? not many I would say. Regards, from Sweden

  7. AxtiveThinker says:

    First, thank you Chris Dougherty for this most impressive investigation. I will be sharing it on with my circle and sending a hard copy to our local ISP who forced everyone onto exclusivity of Google’s Cloud Services some time ago, as it was sold; “for safer privacy.” As an aside, do consider how easy NSA (and others) must find their access to any of the ‘clear text’ clouds that are providing massive storage for the now mandated IT healthcare records. Unbelievably, even an ND I know was coerced into signing his patient’s records onto a cloud service when his ‘alternative’ medical practice is not sanctioned as legitimate enough by either the AMA or Medicare…and yet, he (somehow) had to comply with their mandate.

    Secondly, as if the tech giants Google and Yahoo being spied on by NSA wasn’t enough to raise grave concern…readers should know that by official agreement of our government with a foreign country, all raw data that is collected is eventually sent onto ISRAEL for the analysis…supposedly while they are being sure to protect, in particular, the privacy rights of all Americans. Yet, in consideration of Israel’s long standing track record of spying on whomever they please, this is egregiously naive.

    For one alarming article by Glenn Greenwald that was published Sept 11, 2013, go to theguardian.com and look for: “NSA shares raw intelligence including Americans data with Israel” and then we all must ask ourselves: Why would Israel, of all scheming (play all sides) countries, be on the receiving end of such massive surveillance collection? In other words, who is NSA “really” working for?

  8. Tim says:

    for god’s sake – i hope there are some people out there in north america who are just half away from those little minded commentaries. As an european citizen you cannot stand that everlasting patriotic sounded egoism anymore, that is mentioned above in so many statements. Is “your” (american) demand for safety and freedom godgiven? Are US global spy attacks on highest levels fully OK, because it doesn’t touch an american in any personal way? BO is giving a sh** to the people of the world and I hope, the EU would be brave enough to do it like him. Although this is far away with our poor administration in GER, that should go ahead with full power as a world leading economy! it makes me even proud a little to be different, to know about millions behind that also fight against paranoid control by the US government, to be common with so many people in “old europe”!

  9. Hmmmph says:

    maybe this is a leak. a la occult ritual. saying they must disclose what is being done. in order to be able to opt-out. or what not. It seems at the time of the release. VS. the other REAL situations ,
    ever get the stops or 1/2 second pauses. . smart meter or even control at the electronic level. How about we not limit our selves to think at a certain level. no matter what!

Leave a Reply