November 1, 2013

NSA Hacks into Google and Yahoo Data Center Links

After the famous PRISM program, another mass data-collection program by the NSA, called “MUSCULAR”, has recently come to light. The NSA operates this project of exploiting data links jointly with its British counterpart, Government Communications Headquarters (GCHQ). Both spy agencies successfully penetrated the main communication links that connect Google and Yahoo data centers around the world, which gives them access to the user accounts of millions of people, including US residents. As the Washington Post reports, by tapping into those links the NSA is able to collect a wide range of user information, including “metadata” that would indicate who sent or received e-mails and when, as well as content such as text, audio and video.

Through this program the NSA sends millions of records every day from the internal networks of Yahoo and Google to its data warehouses at Fort Meade, Maryland. According to a top-secret accounting dated January 9, 2013, about 181,280,466 new records containing user data had been processed and sent by field collectors. The NSA does not keep everything that it collects, but it keeps a lot of it. Together, the NSA and its British counterpart copy the entire data flow across the fiber optic cables carrying information between Yahoo and Google data centers. However, the interception points from which they access such a huge amount of data are still undisclosed. In an NSA slide presentation, the agency explains how it gets into the midpoint where the Google cloud touches the public Internet. The presenter adds a smiley face and says, “SSL added and removed here”.

In response to the report by Washington Post regarding the “MUSCULAR” program, the NSA said:

“NSA has multiple authorities that it uses to accomplish its mission, which is centered on defending the nation. The Washington Post’s assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true. The assertion that we collect vast quantities of U.S. persons’ data from this type of collection is also not true. NSA applies Attorney General-approved processes to protect the privacy of U.S. persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination. NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”

Compared to the PRISM program, the recently revealed MUSCULAR program seems to be more intrusive, as the spy agencies carry out their mass data collection without the knowledge of the tech companies. The NSA also has a greater advantage when intercepting communications overseas because of lax rules and less oversight. Such large-scale data collection would be illegal in the United States. In the PRISM program, by contrast, the NSA had to issue a court warrant to the companies in order to collect user data. In order to maintain the privacy of their users, the tech companies are also working on implementing strong security measures to keep the user data secure. Google is working towards encrypting the flow of information between its data centers as a reaction to the NSA surveillance. Google Chief Legal Officer David Drummond said “the company does not give any government access to its systems. However, the company has been concerned about the possibility of this kind of snooping and has encrypted more of Google’s services and links as a result. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said.

Similarly, Yahoo emphasized “strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or any other government agency.”

Secure cloud storage service that protects your data from surveillance

SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. All plaintext encryption keys are stored exclusively on approved devices, because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. You can sign up for this product now.

  1. It’s ridiculous that people do not seem to want to accept the implications of metadata collection. The information being gathered actually allows for the government to know your exact location, including floor level, and general region of a building. With information like that, the government is able to determine whether you are seeing a counselor, or having an affair, and information like that is so trivial, and yet people are put on “watch lists” for the most basic things. The NDAA allows the government to keep tabs on you for storing large amounts of food, believe it or not. The line between civilian and terrorist is getting thinner and thinner, and it is silly. I am fully supportive of foreign spying, but at a certain point, it just becomes overkill.

  2. I’m glad to hear private businesses stepping up to encrypt cloud data but even with that I think this news is a potential disaster. Think of the chilling effects this could have on IT in general. It’s sometimes hard enough to find a provider or a solution that you can trust but now even if you do trust them you still have to worry about governments trying to read and copy your information.

  3. This is a gross invasion of privacy. I am shutting down my Facebook and LinkedIn accounts. Not because of this incident. I have always been worried that Internet activity will be used against a person, even if they did nothing wrong. I have not responded to Facebook in a year. I don’t feel at a loss. With no Facebook or Twitter, I now converse with those close to me face to face.

  4. Honestly, I can’t say I’m worried. Maybe this makes me gullible in some people’s eyes, or maybe I seem too trusting, but the truth is, if you’ve done nothing to compromise the security of the United States, then you’ve got nothing to worry about. Having an affair or cheating on your taxes is not what these people are after. They have a specific target and it’s not me. So if they want to know where I am and what I’m doing, even if one day I do turn evil and cheat on my wife, they’ve got my O.K. to do so. I doubt they’d show up on my doorstep because I one day decided to take advantage of a sale at Walmart and bought 20 lbs of chicken, or because I was unfaithful to my wife or forgot to give the teller the extra change she mistakenly gave me. This is National Security stuff. I say let them do their job and protect the American people. You don’t see people in the EU complaining about all the surveillance going on, why? Because they feel safer and they’re smart for feeling that way. Maybe the problem here in the US is that people don’t trust their own government? If that’s the case, the solution is simple enough, change who you vote for.

  5. Nice. It’s one of the reasons to stop using the ‘net completely. Let’s go back to smoke signals. I know that sounds insane, but many of you get what I mean. If they are able to accomplish all of this hacking and what appears to be a deliberate invasion of our precious privacy, why can’t they build a website to handle health insurance enrollment?