According to recent documents obtained from former NSA contractor Edward Snowden, the National Security Administration has stealthily broken into the backend data servers of both Google and Yahoo, putting itself in the position to harness hundreds of millions of files containing user data.
This new program, which allows the NSA to tap into Yahoo and Google’s internal overseas networks at will, is called MUSCULAR. And like PRISM before it, reports from top secret accounts dated January 9, 2013 indicate that they’ve already collected hundreds of millions of stored records – 181,280,466 to be exact.
Most of this is reportedly metadata, which is the information about sent messages like emails. However, the NSA might also have the context of each email, that being any text, audio, or video attached.
MUSCULAR is operating in-tandem with British agency GCHQ, and has the sole focus of copying entire data transactions that are sent across fiber-optic cables between data centers of web giants like Google and Yahoo.
This is dissimilar to PRISM, as this is a sneaky backdoor break-in – whereas PRISM is access to Google and Yahoo’s user accounts through court-approved mandation. What’s happening here is far more in the line of technical brute force.
Following these reports, White House officials and the NSA-overseeing Office of the Director of National Intelligence have, shockingly, declined to confirm or deny such accusations that these reports propose.
Google and Yahoo, however, have spoke up – and they’re “troubled” by the allegations.
“We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links,” a representative from Google said to the Washington Post.
As for Yahoo’s stance, a spokeswoman said the following:
“We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
Again, MUSCULAR is similar to PRISM in that its objective is to attain specific information in bulk. But it’s different in the fact that it’s not approved by Foreign Intelligence Surveillance Court or the associated act, whereas PRISM is.
“Look, NSA has platoons of lawyers and their entire job is figuring out how to stay within the law and maximize collection by exploiting every loophole,” said former NSA chief analyst John Schindler.
“It’s fair to say the rules are less restrictive under Executive Order 12333 than they are under FISA.”
And even though the data centers of Google and Yahoo are spread out over four continents and connected by thousands of miles of cables, effectively to combat this level of all-access that MUSCULAR wants to acquire, it hasn’t stopped the NSA so far, it seems.
The image below is reportedly from the same recovered documents, and was part of an NSA presentation on “Google Cloud Exploitation.” It shows how MUSCULAR is designed to circumvent Google’s security encryption, and adds a snarky smiley face symbolizing celebration of cracking Google’s code.
According to The Washington Post, two engineers “with close ties to Google” became quite infuriated by the existence of this slide.
“I hope you publish this,” one of them said.
Even as of last month, before this story broke, Google was racing to further encrypt the links that bridge information between their sensitive data centers.
“It’s an arms race,” he said then. “We see these government agencies as among the most skilled players in this game.”
It isn’t clear just yet how much of the data uncovered, if entirely true, was that of Americans. Only time and persistence will tell.
For an even more technical perspective at the MUSCULAR program, check out the original article from The Washington Post.