NSA XKeyscore Tool ‘Could Crack VPNs And Expose The Anonymous’

Leaks from NSA whistleblower Edward Snowden appear to have revealed a tool allowing the intelligence agencies to easily spy on anyone’s Internet communications, and possibly bypass VPN protections.

Slides handed to the Guardian indicate the XKeyscore software is based on a “massive distributed Linux cluster”, consisting of over 700 servers distributed around the world across 150 sites. It looks as if there are three sites in the UK.

A “federated query mechanism” lets intelligence analysts type in just an email address, an IP address or a Facebook login to get hold of communications data. That information includes all email addresses seen during a target’s session, all phone numbers, and the username, contacts and cookies used in webmail and chat communications.

VPN cracking and exploitable machines

Perhaps more concerning is that the slides appear to indicate the program can be used to crack VPNs designed to provide anonymity for users. In one of the suggestions for using XKeyscore, a slide reads: “Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users.”

Many have assumed this means the NSA has access to powerful tools to breach the security mechanisms of VPNs.

Another slide suggests US intelligence services have access to “all the exploitable machines” in chosen countries, indicating at a more aggressive monitoring operation.

The tool also lets analysts gain insight into HTTP traffic, either by picking a target’s IP address or selecting a website to collect IP addresses of those visiting the site.

The “content” is stored for only three to five days, the Guardian reported, whilst metadata is stored for 30 days. It remains unclear how much content XKeyscore can actually access outside of metadata.

According to one document, “at some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours”.

Last year, at least 41 billion records were collected and stored by the program for a 30-day period.

A Der Spiegel report from earlier this month claimed XKeyscore had been passed on to the German government, who had used it to access information.

Over 300 terrorists were captured using intelligence generated from XKeyscore, a slide claimed.

The NSA said use of XKeyscore was contained by the right checks and balances.

“NSA’s activities are focused and specifically deployed against – and only against – legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests,” an NSA spokesperson said.

“XKeyscore is used as a part of NSA’s lawful foreign signals intelligence collection system.

“Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks.”

Shhh! Don’t look at our whistleblowers quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • time to redo it and use it on the nsa legal if they can do it any american can use it on them and should....
    were working on it now soon to be put up for download for all anono. users...

    • Whatcha mean... Like doing the same to them? Sniffing Fed agents home networks and favorite eating and drinking establishments? RMing every box they are even around including family? What about local PD's? Lots of stuff that "the people with nothing to hide" don't want thrown up on Pastebin for the world to see. Health issuses, substance abuse, Domestic violence(a big one among that crowd), sexuality... on and on. They wouldn't like it so much? Just thinking out loud as that is a silly thought, which ever one of you thought it...

  • I feel it's incredibly naive to believe that these programs are or will only be used for "catching terrorists."

    The ways that "knowing everything in real-time" can be abused is limitless. i.e. insider trading, espionage, theft of private intellectual property for use in classified projects, etc, etc.

    The government has been caught red-handed. They will do anything to paint a portrait of legitimacy.

    The reality is that even the most trusted governments, including the U.S., have documented legacies of intelligence abuses.

    Do you really believe that the government will stop here?

  • This is no solid proof that NSA can break VPN encryptions, at least not all of them. ...it is more of a speculation.

  • Who cares about VPN's anyway? They are NOT an anonymity tool, they help with privacy but anyone using a VPN in an attempt at anonymity hoes not have a clue. VPN's have their place but not as a replacement for TOR, i2p, Freenet, GnuNet, TOR.

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

2 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

2 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

2 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

2 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

2 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

2 days ago