NSA uses front and back doors to gain access

And the Edward Snowden hits keep coming.

Barton Gellman, one of the outlets for the NSA documents provided by Edward Snowden, has another big story that expands yet again the range of spying done by the NSA on American companies and Americans, even to the extent of storing actual content and not just metadata.

We already knew that the NSA has some ‘front door’ access to some data through arrangements with some internet companies, but it now looks like they broke in through the back door of Google and Yahoo to get even more information.

The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials.

The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, GCHQ. From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.

The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.

The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies.

The NSA is taking advantage of the fact that the cloud servers are often overseas and restrictions on such snooping are looser overseas.

Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner. [My italics-MS]

Tapping the Google and Yahoo clouds allows the NSA to intercept communications in real time and to take “a retrospective look at target activity,” according to one internal NSA document.
In order to obtain free access to data center traffic, the NSA had to circumvent gold standard security measures.

In an NSA presentation slide on “Google Cloud Exploitation,” however, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data resides. In hand-printed letters, the drawing notes that encryption is “added and removed here!” The artist adds a smiley face, a cheeky celebration of victory over Google security.

Google and Yahoo have both expressed outrage at what was done.

In a statement, Google’s chief legal officer, David Drummond, said the company was “outraged” by the latest revelations.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” he said.

“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

Yahoo said: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

The angry responses from Google and Yahoo suggest that their denial of knowledge that the NSA was doing this may be genuine.

I see a big future for cryptographers as people seek ever more secure ways of protecting their date from the government.