November 1, 2013
NSA Hacks into Google and Yahoo Data Center Links
After the famous PRISM program, another mass data-collection program by the NSA called “MUSCULAR” has recently come to light. The NSA jointly operates this project of exploiting data links with its British counterpart Government Communications Headquarters. Both spy agencies successfully penetrated the main connection links that connect Google and Yahoo data centers around the world. Now they can get access to user accounts of millions of people including US residents. As the Washington Post reports, by tapping into those links the NSA is able to collect a wide range of user information including “metadata” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video.
Through this program the NSA collects millions of data every day from internal networks of Yahoo and Google to data warehouses at NSA’s in Fort Meade, Maryland. As per a top-secret accounting dated January 9 2013, about 181,280,466 new records containing user data has been processed and sent by field collectors. The NSA does not keep everything that it collects, but keeps a lot of them. Jointly, the NSA and its British counterpart copies the entire data that flows across the fiber optic cables carrying information between Yahoo and Google data centers. However, the interception points from where they access such a huge amount of data is still undisclosed. In an NSA slide presentation, the agency explains how it gets into the midpoint where the Google cloud touches the public Internet. The presenter adds a smiley face and says, “SSL added and removed here”.
In response to the report by Washington Post regarding the “MUSCULAR” program, the NSA said:
“NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true. The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true. NSA applies Attorney General-approved processes to protect the privacy of U.S. persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination. NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”
In comparison to the PRISM program the recently revealed MUSCULAR program seems to be more intrusive, as the spy agencies perform their operation of mass data collection without the knowledge of the tech companies. Also the NSA has a greater advantage by intercepting communications overseas because of lax rules and less oversight. Such a large-scale data collection would be illegal in the United States. On the contrary, in the PRISM program the NSA had to issue a court warrant to the companies in order to collect user data. In order to maintain the privacy of their users, the tech companies are also working on implementing strong security measures to keep the user data secure. Google is working towards encrypting the flow of information between its data centers as a reaction to the NSA surveillance. Google Chief Legal Officer David Drummond said “the company does not give any government access to its systems. However, the company has been concerned about the possibility of this kind of snooping and has encrypted more of Google’s services and links as a result. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said.
Similarly Yahoo emphasized “strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or any other government agency.”
Secure cloud storage service that protects your data from surveillance
SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.
SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. You can signup for this product now.