Wednesday, October 30, 2013

NSA Breaks Into Secure Communication Links of Google and Yahoo; Italian Magazine Claims NSA Monitors Pope

The Washington Post reports NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
In this slide from a National Security Agency presentation on “Google Cloud Exploitation,” a sketch shows where the “Public Internet” meets the internal “Google Cloud” where user data resides. Two engineers with close ties to Google exploded in profanity when they saw the drawing.



According to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.

The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, GCHQ. From undisclosed interception points, the NSA and GCHQ are copying entire data flows across fiber-optic cables that carry information between the data centers of the Silicon Valley giants.

The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.

At Yahoo, a spokeswoman said: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
Note the Smiley

Please note the Smiley in the lower center part of the image. The adjacent text says "SSL added and removed here!".

For those interested in "SSL" technology, Wikipedia offers this explanation.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which are designed to provide communication security over the Internet. They use X.509 certificates and hence asymmetric cryptography to assure the counterparty whom they are talking with, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product message authentication. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP). An important property in this context is perfect forward secrecy, so the short term session key cannot be derived from the long term asymmetric secret key.
The diagram suggests the NSA is somehow able to add its own "secure" layer or simply remove the security layers of Google and Yahoo!

Italian Magazine Claims NSA Monitors Pope

This story is not yet confirmed but Reuters reports Italian magazine says U.S. spies listened to pope, Vatican says unaware.
An Italian magazine said on Wednesday that a United States spy agency had eavesdropped on Vatican phone calls, possibly including when former Pope Benedict's successor was under discussion, but the Holy See said it had no knowledge of any such activity.

Panorama magazine said that among 46 million phone calls followed by the U.S. National Security Agency (NSA) in Italy from December 10, 2012, to January 8, 2013, were conversations in and out of the Vatican.

In a press release before full publication on Thursday, Panorama said the "NSA had tapped the pope". It cited no source for its information.

Panorama said the recorded Vatican phone calls were catalogued by the NSA in four categories - leadership intentions, threats to the financial system, foreign policy objectives and human rights.
Reflections on Monitoring "God's Work"

The humorous comment of the day goes to Zerohedge who said "We can only assume this means keeping on top of Goldman's activities around the globe: after all, when one intercepts god's phone calls, one is mostly interested what the bank that does god's will is doing."

In case you missed the connection, in November 2009 Goldman Sachs' CEO Lloyd Blankfein claimed "Goldman is doing God's work". For details, please see God's Work and Goldman's Prayer.

Mike "Mish" Shedlock
http://globaleconomicanalysis.blogspot.com