Wednesday, November 06, 2013

The NSA's 3 Types Of Cable Interception Programs


The Details


Special Source Operations

The Special Source Operations group collects the largest share of NSA intelligence. It is based primarily on "private sector partnerships" with U.S. and foreign corporations and allied intelligence services. Those partnerships enable the SSO to tap into the so-called backbone of the Internet -- the largest switches and cables that carry data traffic. The SSO's insignia depicts an eagle with its talons grasping fiber optic cables that encircle the globe.

Three Types Of Programs

The NSA divides SSO programs into three types, or "portfolios," of access to electronic communications. The cover names under Corporate are for points of access on U.S. territory operated by companies such as AT&T, Verizon Business Services and L-3 Communications, primarily under the authority of the Foreign Intelligence Surveillance Act and its 2008 amendments. The Foreign portfolio includes access provided by overseas companies and intelligence services. 2nd Party programs involve the four closest NSA allies: Britain, Canada, Australia and New Zealand. 3rd Party partners are all others. The Unilateral portfolio describes intelligence collection overseas without the knowing participation of the government or private company whose data the NSA intercepts.

What Are Presidential Briefs?

The President's Daily Brief is the premier U.S. intelligence product, drawn from all sources of the 16 intelligence agencies and available only to the president and a small number of his most senior advisers. BLARNEY, FAIRVIEW and STORMBREW are the largest U.S. domestic cable intercept operations, with U.S. corporate cooperation. TAO stands for Tailored Access Operations, or target-specific hacking. INCENSER and DS-200 are high-volume collection programs operated in partnership with the British GCHQ. This pie chart shows that DS-200, the overall designation for GCHQ "private partner" operations with British companies, was the NSA's 15th biggest contributor to presidential briefings.

Presidential Brief Sources

[RF] = Radio frequency (mobile telephone and other wireless transmissions)
[Cable] = The main highways for Internet traffic, primarily made of fiber optic cable
[Endpoint] = Collection directly from the source or destination of data traffic, such as the router for a foreign government computer network. Usually this is done by placing a software or hardware "implant" in the target system.
[Protected] = The Post is unsure what this means

2nd Party Accesses

MUSCULAR, or DS-200B, collects the Internet "cloud" traffic of Yahoo and Google from an interception point on British territory. 20Gbit refers to high-volume cables that carry 20 billion "bits," or 2.5 gigabytes, of computer data per second into the NSA's TURMOIL processing system. IP Subnet Promotion means the ability to give priority, when selecting intelligence from a large data stream, to information coming from a particular neighborhood of the Internet, such as the network belonging to a foreign government's defense ministry.


Technical Details Of MUSCULAR

This slide shows that the British GCHQ began collecting from its MUSCULAR project in July 2009. At the time, it could store 10 gigabytes a day of processed traffic. It expanded to 20 gigabytes a day and was scheduled to reach 40 gigabytes a day by now, with plans to grow to 100 gigabytes a day.

What Yahoo and Google Did Not Think The NSA Could See

What are Special Source Operations?

The SSO group, the insignia of which includes an eagle grasping fiber optic cables that span the globe, collects intelligence with the help of U.S. and foreign companies. Documents suggest it accounts for the largest fraction of all NSA collection.

Yahoo Data Formats

When NSA systems ingest a stream of data, they send it through many layers of filtering and sorting. The TUDDS tool applies "selectors" (in effect, "keep this") and "defeats" ("discard this"). This slide shows defeat signatures for information that the NSA does not want. Any data matching a signature are blocked "at router," the collection point. Further selection is done at later stages of processing. This slide is significant because the signatures specified refer to proprietary Yahoo data formats that do not generally travel on the public Internet.

What Is NSA Blocking With These "Defeats"?

Each rule is meant to stop a specific kind of Google traffic. [adwords] is Google's web advertising network. [bigtable] is a proprietary Google database system that is 'not distributed outside Google'. [teragoogle] is a proprietary process used by Google to index Web sites in order to deliver search results quickly.

Inside Google's Network

This is a 'packet capture,' or a stream of unprocessed data passing through NSA collection systems. This slide shows one of Google's warehouse-sized data centers confirming, or authenticating, that it is talking securely to another, probably thousands of miles away. Engineers familiar with Google's systems said the NSA should not see this traffic from anywhere outside Google's internal network. Gaia is the authentication system used inside Google's internal network. Marina is a principal NSA database for Internet metadata.

Google's Internal Traffic

This pie chart shows different types of internal Google network traffic, by volume. Some of the data types, including "Google Authorization" and "gaia//permission_whitelist," are available only inside Google's private cloud.
