Friday, November 01, 2013

NSA's MUSCULAR program directly muscles into Google, Yahoo data centers

The Washington Post and The Guardian continue to slowly leak information gleaned from the documents they have been given by former NSA contractor Edward Snowden. The latest NSA revelation comes from WaPo, which said on Wednesday that the spy organization has been secretly collecting data directly from Google's and Yahoo's data centers.

You read that correctly. Rather than collecting the public's data "from the public," which might be considered far easier, the NSA is collecting such information from the companies that we know and (hopefully) trust (to a degree): Google and Yahoo.

Based on the information, one might assume that any cloud computing service, such as Microsoft, Samsung, or any other organization that stores data in the cloud, is vulnerable to NSA hacking.

According to the documents, the U.S. isn't doing this on their own, though. The MUSCULAR program, as it is dubbed, is operated with the assistance of the NSA's U.K. counterpart, the GCHQ. MUSCULAR can reportedly collect data metadata directly from Google and Yahoo by tapping into the privately-owned connections that link the companies' data centers to the Internet.

MUSCULAR appears to be a program that is separate from PRISM, another top-secret program that allows the NSA and the GCHQ to access data from nine tech giants -- but with the approval of the FISA court. MUSCULAR, though, is said to be operating completely under the radar. Comparatively speaking, MUSCULAR is back-door access to the data, while PRISM if front-door access.

While MUSCULAR's scale isn't known, a leaked document dated Jan. 9, 2013, said that the NSA had collected 181,280,466 records in the prior 30 days. Another document called the program's data acquisition "full take," "bulk access" and "high volume."

In a statement, David Drummond, Google's chief legal officer, said:
We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide. We do not provide any government, including the U.S. government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.
A spokesperson for Yahoo didn't directly address the MUSCULAR program but said:
We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.

No comments: