Thursday, August 1, 2013

Some Questions on XKeyscore

Glenn Greenwald at the Guardian has written another very interesting article on XKeyscore, an NSA intelligence program to search huge amounts of bulk traffic that allied intelligence agencies are collecting from around the globe.  The Guardian also made available a top-secret presentation on XKeyscore from 2008.  This represents the program as it was inherited by the Obama administration from the Bush administration.  However, comments in interviews by Edward Snowden suggest that substantially similar capabilities still exist.

I wanted to draw attention to several things in the NSA presentation that the Guardian didn't mention but that struck me as interesting (having a computer security background).  The first is this map:


Several questions arise:
  • Do these nodes represent actual taps into Internet cables for raw data acquisition?  Or processing/storage nodes in the data-analysis cluster?  If the latter, why distribute them so much in places where they will be harder to guard?
  • There are many nodes shown throughout continental Europe.  Is this with the knowledge and acquiescence of European intelligence agencies?  Or is this a map of the infrastructure for spying on them?  Or just commercially leased data storage/compute facilities?
  • What does the red dot in the middle of China represent?  Ditto the one in Russia?
  • What do the string of red dots just above Antarctica represent?
Another very interesting part is this description of a possible query to XKeyscore:


VPN here will mean "Virtual Private Network" - systems which companies and other organizations use to provide secure encrypted access to the enterprise network for remote users (eg people working from home, or employees on business trips).  This slide appears to suggest that the NSA has the ability to break the encryption of at least some commercial VPN systems (if so, this is a fact that is not generally known).

It's less clear, but there's at least a hint of something similar here:


Does "content" in the last bullet mean the decrypted plaintext of the Word documents or PGP protected email?  If not, what would be the point of looking at the encrypted content?  This raises the further question; is the NSA is able to break the encryption of MS Office documents and PGP encrypted email?

Finally, this:

This suggests that the NSA scans computers for some fraction of the globe looking for vulnerabilities and maintains a database (seemingly called Tao) of those vulnerabilities to allow them to break in to those computers at a later time.  This kind of inventory is also the necessary precursor to very large-scale rapid attacks such as flash worms.

4 comments:

Unknown said...

The row of red dots - compromised communication satellites ?

Poechewe said...

The 25 dots suggest 24 geosynchronous satellites and 1 extra.

Joe said...

The red dots suggest to me that there is one dot for each country; note the dot in the middle of Ukraine, Japan, Brazil, etc.

Consider also the world map sitting behind Jon Stewart/John Oliver on the Daily Show, which shows random points of light around the globe, with no real meaning to them but the creation of an illusion of reality. There could be some of that here as well.

Lars Boelen said...

Interesting questions Stuart. The slides do seem to imply that currently used encryption techniques are now transparent to US intelligence officers. This would mean that (given that PGP is opensource and hence contains no backdoors) they have either sufficiently fast parallel computers OR, even more interesting, a working quantumdecoder.

This whole data gathering thing that is going on also makes you think: is data gathering itself now such a big business that it has created a self sustaining industry, just like the police/justice apparatus that sustains itself by keeping drugs illegal.

One last thought : if you gather so much intelligence, legally or illegally, that you can say with 100% certainty that "al qaida" will launch an attack againt "us citizens" in august 2013, what good does it do to warn 300 million people? Nobody is going to bother after august 5th, and 100's will kill each other anyway before the month is over with America's distributed WMD : the second amendment :-)