NSA signal-surveillance success stories. April 2013

Upload: jonbonachon

Post on 19-Jan-2015

Category: Technology


DESCRIPTION

These slides contain excerpts from an April 2013 National Security Agency presentation detailing signal surveillance techniques and successes. They reveal that the NSA and its British counterpart, Government Communications Headquarters (GCHQ), use a Google-specific tracking cookie to pinpoint targets for hacking.

The National Security Agency is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using "cookies" and location data to pinpoint targets for government hacking and to bolster surveillance.

The agency's internal presentation slides, provided by former NSA contractor Edward Snowden, show that when companies follow consumers on the Internet to better serve them advertising, the technique opens the door for similar tracking by the government. The slides also suggest that the agency is using these tracking techniques to help identify targets for offensive hacking operations.

For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them. The revelation that the NSA is piggybacking on these commercial technologies could shift that debate, handing privacy advocates a new argument for reining in commercial surveillance.

According to the documents, the NSA and its British counterpart, GCHQ, are using the small tracking files or "cookies" that advertising networks place on computers to identify people browsing the Internet. The intelligence agencies have found particular use for a part of a Google-specific tracking mechanism known as the “PREF” cookie. These cookies typically don't contain personal information, such as someone's name or e-mail address, but they do contain numeric codes that enable Web sites to uniquely identify a person's browser. In addition to tracking Web visits, this cookie allows NSA to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. The slides say the cookies are used to "enable remote exploitation," although the specific attacks used by the NSA against targets are not addressed in these documents.

The NSA's use of cookies isn't a technique for sifting through vast amounts of information to find suspicious behavior; rather, it lets NSA home in on someone already under suspicion - akin to when soldiers shine laser pointers on a target to identify it for laser-guided bombs.

Separately, the NSA is also using commercially gathered information to help it locate mobile devices around the world, the documents show. Many smartphone apps running on iPhones and Android devices, and the Apple and Google operating systems themselves, track the location of each device, often without a clear warning to the phone's owner.

TRANSCRIPT

Page 1: NSA signal-surveillance success stories. April 2013

Our Approach

• Queried over 900 towers and other selectors in MAINWAY/SEDB in attempt to discover any identifiable selectors around the coordinates of interest

• Created another query based on identified selectors of interest to pull for any cell fan information in order to more precisely locate each selector of interest

• Queried in SEDB ship data on the ships of interest and plotted the track the ships took into

• Identified selectors by cell fan information seen near the ports where the ships of interest had docked. Also correlated any selectors moving in relation to the ships' movements using cell fan data

• Discovered individuals who could have possibly been traveling with the ships of interest.

Page 2: NSA signal-surveillance success stories. April 2013

Mission Example and Result: The HAPPYFOOT analytic aggregates leaked location-based service / location-aware application data to infer IP address geo-locations. SOS identified 'public' and 'private' usage of the same IP address that caused HAPPYFOOT to assign blocks to geo-locations (the IP address was used in both countries). This private network is now being realmed and properly geo-located. Ongoing work will solve this realming problem for networks affecting other cloud analytics.

Page 3: NSA signal-surveillance success stories. April 2013

Our Approach

• Tracked [...]'s converged communications and CNE accesses

• Monitored passive internet traffic; created automated processes where possible (XKS ANCHORMAN, Workflows, Fingerprints)

• Provided TAO/GCHQ with WLLids/DSL accounts, Cookies, GooglePREFIDs to enable remote exploitation

• Partnered with NGA and R4 to confirm locations and USRP equipment based on collected photographs

• Drove CNE collection and partnered with TAO to increase USRP specific endpoint accesses

• Provided knowledge to interagency partners for potential on the ground survey options and FBI-led intelligence guiding efforts.

Page 4: NSA signal-surveillance success stories. April 2013

(S//SI//REL TO USA, FVEY) Metadata/Target Discovery: Analyze ONR/ONI/Convergence metadata for target discovery, identify gaps in collection, processing, and analytic methodologies; Improve metadata collection and processing; Create analytics that automate or improve analytic methodologies; Conduct target discovery through multiple technology thrusts, including endpoint, web-based technologies/services, mobile applications and networks, geo-location analysis, correlations/identity Analysis, Social Network Analysis; Collaboration/facilitation with TAO, S3, CIA, DONI, SSO, CES, and SSG centers.