Leaks from NSA whistleblower Edward Snowden appear to have revealed a tool allowing the intelligence agencies to easily spy on anyone’s Internet communications, and possibly bypass VPN protections.
Slides handed to the Guardian indicate the XKeyscore software is based on a “massive distributed Linux cluster”, consisting of over 700 servers distributed around the world across 150 sites. It looks as if there are three sites in the UK.
A “federated query mechanism” lets intelligence analysts type in just an email address, an IP address or a Facebook login to get hold of communications data. That information includes all email addresses seen during a target’s session, all phone numbers, and the username, contacts and cookies used in webmail and chat communications.
Perhaps more concerning is that the slides appear to indicate the program can be used to crack VPNs designed to provide anonymity for users. In one of the suggestions for using XKeyscore, a slide reads: “Show me all the VPN startups in country X, and give me the data so I can decrypt and discover the users.”
Many have assumed this means the NSA has access to powerful tools to breach the security mechanisms of VPNs.
Another slide suggests US intelligence services have access to “all the exploitable machines” in chosen countries, indicating a more aggressive monitoring operation.
The tool also lets analysts gain insight into HTTP traffic, either by picking a target’s IP address or selecting a website to collect IP addresses of those visiting the site.
The “content” is stored for only three to five days, the Guardian reported, whilst metadata is stored for 30 days. It remains unclear how much content XKeyscore can actually access outside of metadata.
According to one document, “at some sites, the amount of data we receive per day (20+ terabytes) can only be stored for as little as 24 hours”.
Last year, at least 41 billion records were collected and stored by the program for a 30-day period.
A Der Spiegel report from earlier this month claimed XKeyscore had been passed on to the German government, who had used it to access information.
Over 300 terrorists were captured using intelligence generated from XKeyscore, a slide claimed.
The NSA said use of XKeyscore was contained by the right checks and balances.
“NSA’s activities are focused and specifically deployed against – and only against – legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests,” an NSA spokesperson said.
“XKeyscore is used as a part of NSA’s lawful foreign signals intelligence collection system.
“Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks.”
View Comments
Time to redo it and use it on the NSA. Legal if they can do it, any American can use it on them and should....
We're working on it now, soon to be put up for download for all anono. users...
Whatcha mean... Like doing the same to them? Sniffing Fed agents home networks and favorite eating and drinking establishments? RMing every box they are even around including family? What about local PD's? Lots of stuff that "the people with nothing to hide" don't want thrown up on Pastebin for the world to see. Health issues, substance abuse, Domestic violence (a big one among that crowd), sexuality... on and on. They wouldn't like it so much? Just thinking out loud as that is a silly thought, whichever one of you thought it...
I feel it's incredibly naive to believe that these programs are or will only be used for "catching terrorists."
The ways that "knowing everything in real-time" can be abused are limitless. i.e. insider trading, espionage, theft of private intellectual property for use in classified projects, etc, etc.
The government has been caught red-handed. They will do anything to paint a portrait of legitimacy.
The reality is that even the most trusted governments, including the U.S., have documented legacies of intelligence abuses.
Do you really believe that the government will stop here?
This is no solid proof that NSA can break VPN encryptions, at least not all of them. ...it is more of a speculation.
Who cares about VPN's anyway? They are NOT an anonymity tool, they help with privacy but anyone using a VPN in an attempt at anonymity does not have a clue. VPN's have their place but not as a replacement for TOR, i2p, Freenet, GnuNet, TOR.