NSA Harvesting Contact Lists

A new Snowden document shows that the NSA is harvesting contact lists—e-mail address books, IM buddy lists, etc.—from Google, Yahoo, Microsoft, Facebook, and others.

Unlike PRISM, this unnamed program collects the data from the Internet . This is similar to how the NSA identifies Tor users. They get direct access to the Internet backbone, either through secret agreements with companies like AT&T, or surreptitiously, by doing things like tapping undersea cables. Once they have the data, they have powerful packet inspectors—code names include TUMULT, TURBULENCE, and TURMOIL—that run a bunch of different identification and copying systems. One of them, code name unknown, searches for these contact lists and copies them. Google, Yahoo, Microsoft, etc., have no idea that this is happening, nor have they consented to their data being harvested in this way.

These contact lists provide the NSA with the same sort of broad surveillance that the Verizon (and others) phone-record “metadata” collection programs provide: information about who are our friends, lovers, confidants, associates. This is incredibly intimate information, all collected without any warrant or due process. Metadata equals surveillance; always remember that.

The quantities are interesting:

During a single day last year, the NSA’s Special Source Operations branch collected 444,743 e-mail address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers….

Note that Gmail, which uses SSL by default, provides the NSA with much less data than Yahoo, which doesn’t, despite the fact that Gmail has many more users than Yahoo does. (It’s actually kind of amazing how small that Gmail number is.) This implies that, despite BULLRUN, encryption works. Ubiquitous use of SSL can foil NSA eavesdropping. This is the same lesson we learned from the NSA’s attempts to break Tor: encryption works.

In response to this story, Yahoo has finally decided to enable SSL by default: by January 2014.

One more amusing bit: the NSA has a spam problem.

Spam has proven to be a significant problem for the NSA—clogging databases with information that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake addresses and never ‘delivered’ to targets.”

The Washington Post published three NSA documents to support this article.

EDITED TO ADD: The New York Times makes this observation:

Spokesmen for the eavesdropping organizations reassured The Post that we shouldn’t bother our heads with all of this. They have “checks and balances built into our tools,” said one intelligence official.

Since the Snowden leaks began, the administration has adopted an interesting definition of that term. It used to be that “checks and balances” referred to one branch of the government checking and balancing the other branches—like the Supreme Court deciding whether laws are constitutional.

Now the N.S.A., the C.I.A. and the White House use the term to refer to a secret organization reviewing the actions it has taken and deciding in secret by itself whether they were legal and constitutional.

Tags: , , , , , , , , , , , , , , ,

Posted on October 15, 2013 at 1:37 PM95 Comments

Comments

Edd October 15, 2013 2:04 PM

Great example of why you should add everyone into your contact books, clog them with data . Now, if only the NSA would make Spam a National Security Priority they could do some good …

maxCohen October 15, 2013 2:09 PM

I have Michelle Obama and Gen. Alexander in my address book. It’s like a Get Out Of Jail free card.

BJ October 15, 2013 2:13 PM

Last I checked, ICQ & MSN Messenger would sent your complete contact list in the clear every time you logged in.

I hope MSN is using SSL by now. I have no idea about ICQ, I think AOL was EOL’ing it.

delia ruhe October 15, 2013 2:17 PM

If anyone’s interested, Steven Aftergood has written a review of an important dissertation on the American intelligence community by sociologist Bridget Nolan (who had to quit the CIA in order to publish it as a book). The review is called “To Fix U.S. Intelligence, Shrink It?”:

http://blogs.fas.org/secrecy/2013/09/nctc-nolan/

and the dissertation is available for download as a pdf:

http://media.philly.com/documents/Nolan_Dissertation.PDF

It backs up a lot of what’s being reported now about too much data being swept up and too big a bureaucracy crippling the effectiveness of intelligence.

NobodySpecial October 15, 2013 2:45 PM

@maxCohen – I just created a gmail account and I log in and edit an unsent message. It looks like those two are having an affair!

Alain from Switzerland October 15, 2013 2:55 PM

@delia ruhe: Sounds very reasonable. When I told my parents about this year’s revelations about the NSA and so, my mother only once asked me a question: Don’t you think people working for these secret services will do something about it? Hope she’s right and this is certainly a sign that gives hope. Thanks

dbCooper October 15, 2013 3:13 PM

One wonders, what if all the spam-bots could send their messages encrypted, even on a temporary basis. If indeed the NSA holds all encrypted data indefinitely, for later analysis/cracking, might this possibly overwhelm them?

I realize the near impossibility of getting the spam operators to collaborate, but this could be an effective civil-disobedience act.

Alternately, maybe the NSA would just increase their budget to deal with it.

Scott October 15, 2013 3:30 PM

“This implies that, despite BULLRUN, encryption works. Ubiquitous use of SSL can foil NSA eavesdropping. This is the same lesson we learned from the NSA’s attempts to break Tor: encryption works.”

Maybe our goal should be to get the entire internet running under BTNS IPsec. We reduce mass surveillance by forcing them to do a man in the middle attack if they want to listen in on IP traffic.

Brian M. October 15, 2013 4:00 PM

Actually, requiring the Lads in Lagos to use encryption would be an absolute blast.

“Thank you, Mrs. Abacha, but due to my company’s weapons shipments, we must discuss all matters using encryption software.”

Oh, and please log onto this special website for me…

Carpe_Noctem October 15, 2013 4:51 PM

I am reminded of something I heard from Eben Moglen. He was talking about the 90’s cryptowars and mentioned that after the Zimmerman battle, at a after-dinner party a top NSA lawyer said (paraphrasing)

“We aren’t going to prosecute (Zimmerman), and encryption is going to become available. We were simply delaying the inevitable. But…. no one cares about anonymity, do they?”

To which Moglen said he realized that was going to be the fight he spent the next 20 years on, and that we are losing that fight.

The 6 degress of Kevin Bacon social graph building is essential to the turn-key totalitarianism William Binney refers to as already in place.

PatG October 15, 2013 4:55 PM

Interesting that 1/3 of the address books collected came from the “NSA’s Australian counterpart”. I’m sure everyone expects the five eyes countries to be doing everything the NSA is doing but this is the first mention of anyone other than US & UK “intelligence”, just in case there were still any doubters.

65535 October 15, 2013 5:13 PM

I say de-fund NSA until this mess is sorted out. Take Bruce’s advice and use encryption (don’t be cowed by the idea it will flag you).

65535 October 15, 2013 5:47 PM

Although, I have an old Gmail account and years ago I turned on SSL for my session to Gmail servers, can someone clarify that all Gmail accounts use SSL/TLS end to end?

I notice that Yahoo, Microsoft and Gmail all use the old Microsoft “Forms based Authentication” for logon. That is the logon page is SSL/TLS for securing weak passwords but may drop to normal Http for duration of the session (or at least used to). You can send Gmail to non-Https recipients. Which means at some point the SSL is dropped to straight Http and the receiver can get clear text emails if their system does not support SSL/TLS. That is why I quit using Gmail for anything of importance.

Further, doesn’t Gmail, keep the crypto keys at Google. Thus, Google would be forced to turn over said keys to the NSA if given a legal notice (which I assume they have). Hence, SSL or no SSL Gmail is not very secure (The same goes for all major Web-based email systems – except a handful of Lavabit style services and for pay encryption email services).

Scott October 15, 2013 5:49 PM

I kind of want to see people start creating botnets that use tor, send emails, use cryptographic tools, browse the internet, post on facebook and/or twitter, post on forums, etc. for the sole purpose of adding massive amounts of white noise to all protocols on the internet. It would work against both the NSA and corporate tracking.

Dirk Praet October 15, 2013 6:17 PM

One more amusing bit: the NSA has a spam problem

Really !?

  • Closed session breefing at Fort Meade –

Admin: “General Sir, our databases are corrupted beyond repair because someone forgot to renew the license for our anti-spam systems.”

Alexander: “What the (censored) !!!!!!?????”

Shady bureaucrat at the other end of the table whispering to his colleague: “If this goes wrong, we can always blame that Snowden guy.”

Other bureaucrat: “Yeah, let’s do that. And let’s fire big mouth over there too before he brings up those power issues in Utah again.”

Colin October 15, 2013 7:02 PM

@BJ No, AOL does not own ICQ anymore. ICQ was sold to Russians. Although, I don’t think this will give you a peace of mind.

Funny, spammers are not that bad after all.

Brian M. October 15, 2013 8:09 PM

@Scott:
I kind of want to see people start creating botnets that use tor, send emails…
Um, these are called people… :p 😉

Mike the goat, a few blog entries ago, posted a link to a script that encrypts some random Google news pages along with some provocative subject lines, and sends it to a few email addresses.

Figureitout October 15, 2013 8:17 PM

Well the question still persists…what if the spam…really isn’t spam? So now we have analysts parsing spam and brute-forcing crap…The derp-train continues full steam ahead. Really, it’s more of mutually assured destruction; and speaking merely for myself, I was grabbed by the throat first.

I was able to affect a presidential debate poll on twitter w/ a bunch of garbage lol.

The NSA can’t even properly power their new databases…new engineers that don’t know what they’re doing…christ they just wasted a bunch of taxpayer dollars…meh who cares we’ll be bankrupt here shortly.

ACruz October 15, 2013 8:17 PM

@Bruce’s article:
Spokesmen for the eavesdropping organizations reassured The Post that we shouldn’t bother our heads with all of this. They have “checks and balances built into our tools,” said one intelligence official.

[…]

Now the N.S.A., the C.I.A. and the White House use the term to refer to a secret organization reviewing the actions it has taken and deciding in secret by itself whether they were legal and constitutional.

Just a quibble but it seems that NSA refers to the checks and balances being in their tools somehow, not as a separate organization.

Scott October 15, 2013 9:12 PM

@Brian M.

Yeah, I should probably have clarified that the intention was for them to create fake identities.

Chilling Effect October 15, 2013 11:22 PM

It seems clear that Clapper, Alexander, and company have concluded that the inherent nature of terrorism makes it essentially impossible to reliably detect terrorist plots before they do harm.

The only possible way to address this problem is to assume that everyone in the world (other than loyal CIA analysts, of course) is a terrorist. Such an assumption has numerous benefits. First, it eliminates any concerns about legal or constitutional constraints of surveillance. After all, everyone is an Enemy, including United States citizens. Freedom and privacy are irrelevant if the Homeland can’t be kept secure from ubiquitous terrorism. (And that includes the many terrorist plots that have already been thwarted. We need to ignore the fact that all of them were instigated by FBI agents, who meticulously shepherded the perpetrators through each step of the plot until the time was right to announce the Big Catch.)

Second, and most importantly, it creates an imperative to continually expand the scope of surveillance to the greatest possible extent. The larger and more pervasive the dragnet, the greater the chance it will intercept the Signal leading to the Big Break that fully justifies every blanket interception and secret court ruling that overrides inconvenient constitutional constraints. For continued expansion is the Imperative of every bureaucratic organization. And there is no better way to facilitate that Imperative than secrecy in the name of fighting an endless War.

For that matter, the TSA operates under exactly the same philosophy. With so few terrorists seeking to repeat 9/11, they must treat everyone who requests the privilege of air travel as a convicted terrorist or criminal, at least until screening proves them innocent. Periodic interdictions of drugs or other contraband unrelated to the TSA’s Mission provide indisputable proof of the agency’s ability to interdict any terrorist who happens to walk into a checkpoint.

Either way, it’s worth giving up our liberty and privacy. Some day, either agency might stumble upon the Big Catch that makes it all worthwhile. But they can only do that if they’re allowed to continually expand their scope and authority without checks and balances getting in the way.

Wael October 15, 2013 11:24 PM

@ Figureitout,

I got this:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed::”igetsfckedintheA@yahoo.com”:
SMTP error from remote server after transfer of mail text:
host: mta5.am0.yahoodns.net
delivery error: dd This user doesn’t have a yahoo.com account (igetsfckedinthea@yahoo.com) [0] – mta1140.mail.gq1.yahoo.com

What gives? 🙂
Quick! Someone claim that email address, one of the few names left 🙂

Rolf Weber October 16, 2013 2:32 AM

@65535
Even if Google handed over their keys (which still is nothing more than a conspiracy theorie), it would still provide a good protection because it’s using PFS. Even with the keys, the NSA could only eavesdrop with a man-in-the-middle. I really doubt this would work out undetected in bulk mode.

Another comment to this:
“Google, Yahoo, Microsoft, etc., have no idea that this is happening, nor have they consented to their data being harvested in this way.”
Why should they bother when they already provide the NSA with a “direct access” to their backend servers?
Sorry guys, this is another reason why Snowden’s “direct access” claim was a lie.

rock October 16, 2013 3:00 AM

From the Post article (second last paragraph):

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

Does that mean Iranians can protect their contact books – by spamming the heck out of NSA servers?

Pete S. October 16, 2013 4:19 AM

@65535 – The connection between a user and Gmail is secured by SSL/TLS. However, this only protects data in transit between the user and Gmail. It does not offer any protection for the message while in storage in Gmail, nor as it gets shuttled around various internal systems at Gmail (e.g. the connection between the incoming mail server, the spam-scanning server, and the storage server are all unencrypted but they’re internal to Google so this is usually not a problem).

Additionally, Google has stated that they do not encrypt back-end connections that link their various datacenters, so it’d be possible to snoop messages on the wire if they get moved between facilities. They’re looking at securing these connections shortly.

Gmail does support STARTTLS for both incoming and outgoing mail: if a Gmail user sends or receives a message to/from a user of a non-Gmail mail service that also supports STARTTLS (in my experience, this is typically around half of mail services out there) then the connection will be encrypted while in transit. However, since server-to-server exchanges of mail don’t have any human interaction and some admins setup STARTTLS incorrectly (e.g. not including the correct certificate chains) many mail servers are quite permissive about the certificates they accept — server-to-server connections are relatively secure from passive eavesdropping but are generally not secure from MITM attacks.

In short: no webmail service, even Gmail, can offer true end-to-end security in a secure way. However, they can minimize possibilities for snooping such that the government would need to go through Google Legal rather than just snooping stuff on the wire. Gmail is quite good in that regard compared to other providers.

Wesley Parish October 16, 2013 4:25 AM

“Spam has proven to be a significant problem for the NSA — clogging databases with information that holds no foreign intelligence value. The majority of all e-mails, one NSA document says, “are SPAM from ‘fake addresses and never ‘delivered’ to targets.””

NSA. Bottom-feeders. Glorified sea-slugs. Just ask any competent zoologist.

I think we need a new word for “terrorist” and “terrorism” since it is now so widely used that it defines anything – replace “terrorist” with “pterorist”; descended from the pterodactyl, the wild pterorist commits acts of pterorism, which inevitably fill bureaucrats with pteror.

The subspecies of pterorist can be discerned by the suitably trained bureaucrat: the commie pterorist, the islamic pterorist, the domestic pterorist, the non-violent pterorist, the dissenting pterorist, the parking-ticket pterorist, the musical pterorist, etc. One species of pterorist which has become extinct in the intervening years since its hothouse evolution in Central Europe half-way through the preceding century, is the Jewish-Communist-Capitalist Pterorist; its place has been taken by the Islamic Pterorist in the annals of Pteror.

If everything tastes like chicken, what does chicken taste like?

Romer October 16, 2013 5:08 AM

“Metadata equals surveillance; always remember that.”

Once again I have to disagree.

Metadata = data = “papers and effects” = general warrants. All the same, and all an egregious breach of the 4th Amendment.

To accept any kind of false distinction between “data” and “metadata” is also to accept the logic of these patently illegal activities.

999999999 October 16, 2013 7:46 AM

Bruce,
Can you write a blurb about the difference between a secure channel and encrypted communications. My writing-fu is weak but the idea is this:
Secure channel example- point to point communication that is supposed to be shielded from outside listeners or corruption
Encrypted communications- can be shouted from the rooftops but only the people who have the decoder can get the information

CallMeLateForSupper October 16, 2013 7:50 AM

@ B.S.
“This implies that, despite BULLRUN, encryption works.”

This implies that encryption => helps <=.
After all, 33,697 email addys were hoovered up. (I wonder what percentage that is.) If I knew that my personal encryption was secure, say, 99 percent of the time, I would be very unhappy…. and I would not say flatly, “It works”.

We might better be more circumspect, perhaps take a page from advertising’s mealy-mouth book, e.g.:
“Encryption helps thwart interlopers”.
“Encryption can be of significant value when used in a consciously applied ComSec program.”
(But we don’t want to follow drug companies’ lead and proclaim, “Encryption is not for everyone; ask the NSA is encryption is right for you.”)

Dirk Praet October 16, 2013 7:59 AM

@ Rolf Weber

Why should they bother when they already provide the NSA with a “direct access” to their backend servers?

I believe this question has been adequately answered by several commentors on a previous occasion when you presented your paper. No TLA with half a brain is putting all its eggs in the same basket. They will always aim for redundancy in case any one method or information source gets compromised. Please stop being anal about this.

Mike the goat October 16, 2013 8:04 AM

Brian M: and the good news is they haven’t knocked at my door yet, shot my dog and water boarded the little old lady who house sits for us in the fall. 🙂

ER October 16, 2013 8:06 AM

the federal identity management program (USPS/SecureKey) will require users, for now, to choose their own single ID, with google being one of the available (and more likely) choices, so this notion that gmail is somehow a better option for general public as a layer of privacy from govt snooping seems contrary to way I see it

Clive Robinson October 16, 2013 8:13 AM

@ Romer,

    Metadata = data

Sorry I have to disagree slightly,

    Metadata = data about data

Which actually makes it altogether more valuable than plain old base data which is often contextless. Meta data adds context to otherwise meaningless or contentless communications.

During WWII a young cryptographer at Bletchly who was so poor he had to borrow a pair of trousers, came up with a method to gain inteligence from who was contacting whom and without even seeing the content of the encrypted communications. By comparing current traffic to past traffic he deduced that Germany was going to bring out it’s prize battle ships from safe harbour. Because Naval inteligence did not understand the importance of meta data a large number of lives were lost.

After the embarisment, they started to take him very much more seriously and his method became known as “Traffic Analysis” and it’s modern equivalent covers all types of contact/communications to such effect it’s often possible to work out what an organisation is going to do before the majority of the organisation even realises there are things to be done. This is carried out by the likes of “business analysts” who can predict takeovers etc and make advance investments very profitably.

It’s often said “Knowledge is power” well data is without context at best valuless information, meta data puts data into context and thereby turns into knowledge from which power is obtained, and mostly it’s the context not the data where the real power dwells.

CallMeLateForSupper October 16, 2013 8:40 AM

Reading the slides at http://cryptome.org/2013/10/nsa-sso-slides.pdf
The last item on the last page caught my eye:
[bullet]”Shifting collection philosophy at NSA
[item] “Memorialize what you need” versus “Order one of everything off the menu and eat what you want”

“Shifting”. Humpf! At a glacial pace, if at all. I see no other signs that TIA is disappearing..

Jim October 16, 2013 9:02 AM

It would appear that spam could effectively be used to transmit private information using steganographic techniques (that is unless it’s already being used).

Brian M. October 16, 2013 10:04 AM

@Scott:
Yeah, I should probably have clarified that the intention was for them to create fake identities.

Just create a new fad that everybody needs to have at least two or three sock puppets.

Botnets are for getting around a lack of people to do something. However, for a long time, every time Victoria’s Secret tried to have a video show, they got DDOSed by their own fan base’s enthusiasm.

So, an encrypted distribution list needs to be set up for the “in” crowd. It’ll be “exclusive,” and “provocative” conversations will be “seeded” to “promote interaction.” It will be “suggested” to people that they should have more than one identity, which of course needs to be set up at more than one email provider. Of course the list will be world-wide, thus getting everybody onto the NSA’s spam slurp.

@Mike the goat:
Patience! You have to give these things time. (Presuming that you want them to come visit you instead of just spamming their slurpee.)

David Leppik October 16, 2013 11:08 AM

So if you want to send private messages, make them look like spam.

Since so many spam messages are padded with Markov chain random text, just write a Markov chain spam generator which uses an encrypted message in place of a random number generator– and make sure it doesn’t throw away any bytes.

Then be sure to send your message from a random PC, so it looks like it was sent from a spambot. And make sure your recipient checks the spam box.

Bob Robertson October 16, 2013 11:58 AM

Jim got to it before I did.

What happens when the NSA realizes that the spam mail torrent has been the Bad Guys communications channel all along?

Skeptical October 16, 2013 12:24 PM

The slides themselves indicate that the NSA views the amount of data being collected as undesirable. No firm conclusions can be drawn from the small amount of information presented in the published leaked material, but to my eyes that implies that the NSA is not interested in creating enormous social graphs of the entire world. Instead they’re interested in mapping connections to targets, determining which connections matter, following those, and ignoring the connections that do not matter. At the end of the day you’re going to need a human being to examine and decide whether the result of a query or analysis is actually of value, and there isn’t any Moore’s Law for human thought, much less for the efficiency of progressively more complex organizations.

This is still compatible with a “save now, query later” plan, under which one would save some of the apparently useless data, on the belief that future events may reveal some of that data to be useful after all. But it’s not compatible with wasting time processing and analyzing social graphs that lack any meaningful connection with a foreign intelligence or counter-terrorist target. It takes a lot of contextual information to render a social graph meaningful, i.e. to identify which nodes are friends, lovers, business associates, etc. And that contextual information requires a lot of hours and resources.

This still puts an additional tool in the NSA’s pocket should an individual or group become a target. I’m not so sure that it, by itself, meaningfully increases any overarching danger to civil liberties however. An oppressive government is able to be oppressive without the tools of the NSA – indeed, every oppressive government in history has done so. This tool would make it a little easier, but if the government as an institution were already oppressive, the presence or absence of this tool wouldn’t make a decisive difference.

Of course, if any local law enforcement officer or government official were to be able to easily run a query over that type of database, with no more effort than it takes to run a license plate, then I think there’d be a real problem.

I suppose there’s also the “creepiness factor”, the unease that one’s information lies in anyone’s system. As we’ve become accustomed to the amount of information collected by Google and other companies – certainly they collect many more email contacts than the NSA – I think that factor has subsided for many of us, though.

I write all of this with full respect for the concerns and views of those who think otherwise. I’m not dismissive of those views, which I think are important. So – take the above in the spirit intended.

Rolf Weber October 16, 2013 1:58 PM

@Dirk Praet
Maybe my arguments were answered, but in no way disproved. I still intend to answer to your last post there, but need to find some time.
For short: Redundancy is ok, but this has nothing to do with the fact that nobody runs a high-risk attack when he can achieve the same goal comfortably.

But this was not my point here. Sorry for my mistake, blame my limited english. I wrote “bother”, but wanted to say “mind”.
My argument here was out of the view from Google & Co. If I understand Bruce correct (he has access to the documents we haven’t yet), then Google & Co. would be all than amused if they knew the NSA would gather their data revealed here. And they would try to do something against it (like Yahoo will do now, finally). But what sense would this make, if they already provided the NSA voluntarily with a “direct access” to their backend servers (like Snowden claimed)? Why should Google & Co. mind, if the NSA could gather parts of already provided data otherwise?

You should face the truth, the “direct access” was a lie. The lie is more and more contradicted by other revelations like this. And I’m pretty sure more revelations will come which will contradict it even more.

Bauke Jan Douma October 16, 2013 3:23 PM

There are no checks and balances.

Sooner or later you can bet your sesame buns that the balances,
and the checks, will be presented to you, mr. Keith Alexander.
This will be so because a subversive parasitic institution like you
run will soon find out that howver paranoid you may be, you do
have real enemies.

And furthermore, NSA esse delendam.

bjd

Bauke Jan Douma October 16, 2013 3:40 PM

@ Rolf Weber

Google doesn’t exist. If is does — then within varying and very
different jurisdictions. From that follows all the other differentiation.

Nuff said.
Have a nice evening.

Wael October 17, 2013 12:47 AM

@ Mike the goat

You da man, Mike the goat. you DA MAAAN! Good catch!
@ Figureitout, someone figured you out baby! Seems you chose the right email name after all!
Just kidding, I know you put this as disinformation 😉

65535 October 17, 2013 2:36 AM

@Pete S.
Thanks for your input. This makes me even more irked with Google.

To the “SSL end to end” problem with Google and all big free email services in US Jurisdiction, I’ll pose two items:

A) the most favorable out come: I log in to Gmail’s SSL/TLS page (if I have the Google SSL logon page bookmarked I go directly to said logon page via SSL and login. I turn SSL for my Gmail account. I send an email to my GoDaddy Administrator to make some changes. My Godaddy Administrator has some mild intelligence and uses SSL for his Godaddy email.

Hence, my email should travel via SSL to Google’s Gmail via SSL and then become unencrypted when hitting the interior of Google. It gets place on my contacts list, and “sent mail” which is probably harvested by the NSA. Then my email exits Google via StartTLS and Godaddy make the handshake and then transports my email via SSL/TLS to GoDaddy, as it hits the perimeter of Godaddy’s system.

Once inside Godaddy it is decrypted and travels in plain text to my Administrator’s account and his contact list (which is probably harvested by the NSA). So, as far as I know my email “travel via SSL” and I am some what pleased and am somewhat ignorant.

B) Here is a less favorable outcome: The same scenario as situation A except my GoDaddy Administrator is out of the office and using a iphone in an area which does not handle SSL/TLS (Yes, some iphone and rural providers don’t provide SSL/TLS).

My Administrator then retrieves my email for GoDaddy and it is sent in the clear (plain Http) to his iphone and his via contact list and recorded in his sent email (at which time the NSA harvests his contact list). My Administrator needs to contact and distribute my email to some of his staff regarding the problem via iphone without SSL – and does so (say, via CC box or the like). My clear text email multiply by the number of staff members who got my “cc” email from my Administrator’s unencrypted iphone and probably copied or data mined by the CDNs.

The end result is my email is sent by plain Http from the GoDaddy servers to Administrator’s iphone. And, my email is in the clear and passing through a number of cache machines and CDNs for a number of hops – and can be data mined or port mirrored for meta data and actual full content. The same cache machines and CDNs now most likely have my email in clear text (and probably the NSA). I find out about the clear text iphone and I am less pleased. Google’s SSL only provided superficial security (and possibly clogs the backlog of non-decrypted emails in the NSA’s ques).

@Rolf Weber
Do you have any documentation that refutes Bruce Schneier’s posts or Edward Snowden and his documents? I would like to see them (assuming they are not from the NSA lie machine or lackeys like Barbra Boxer).

I have found General Alexander, James Clapper and the like to tell untruths and provide “least untruthful” statements! They have lost my trust!

Rolf Weber October 17, 2013 3:33 AM

@65535
Bruce Schneier did not yet clearly claim that the NSA had a “direct access” to Google & Co., at least I’m not aware. He made some suggestions, but no clear claim. Nothing of what I read from him I could refute.

And I don’t deny authenticity of any of the documents revealed by Snowden.

Snowden is the only one who clearly claimed the NSA had a “direct access” to Google & Co. Not even Guardian and Washington Post claimed it (ok, the Post claimed it in the first place, but then back-pedalled …), they just said that the PRISM slides would show that there is a “direct access” — but this is a lie, too, because actually the slides doesn’t show it.

I discussed this here before, see
https://www.schneier.com/blog/archives/2013/09/another_schneie_3.html

Terry in Phoenix October 17, 2013 3:40 AM

Our country (U.S.A.) was founded on having three separate branches of government. The Executive Branch controls and has access to all the data from the NSA. The NSA, the FBI and the CIA all work for the President of the United States. How can Congress and the Supreme Court sit idly by and let the Executive Branch read their emails and track their phone calls? The founding premise of this nation has been violated and the President has been given the “Keys to the Kingdom”. The previous resident of the White House was not tech savvy or anything savvy for that matter. However this President is tech savvy and knows how to use that data. And every President from now on will also. We no longer have a Republic when one and only one branch of government can spy on the other two. How can the people, the Congress and the Supreme Court not see this? This country is so screwed!

Mike the goat October 17, 2013 5:15 AM

Wael: I am not “da man”. I am an internet enabled goat. Bet DARPA regrets their caprine<>human IVF program now! 😎

65535 October 17, 2013 5:17 AM

@Rolf Weber

Regardless of you English abilities you have not provided any documentation. You danced around the issue and linked to some PR Giggle dribble. It’s well known Giggle is in bed with the NSA guys.

As of now Snowden is more credible than the NSA. Your argument could be used against any of Bruce Schneier’s carefully documented posts. Your arguments don’t show merit. Post some documents. End of discussion. Good day.

Rolf Weber October 17, 2013 6:09 AM

I’m not the one who has to provide documents. You cannot document something that doesn’t exist.
It’s up to the ones who claim something to actually prove it. This did not happen so far.
I clearly showed that the “proof” provided so far for the “direct access” claim actually proves nothing.

Veritas October 17, 2013 9:25 AM

@65535
Rolf Weiber’s logic is only contains a blunt denial, meaning that he does not add any new information to the discussion. For this reason he is not providing some new path that the discussion can logically follow (actually he is merely saying: do not follow the already established path because it is a lie).

Additionally he claims that the Google direct access claim only comes from Snowden when it is shown in the documents tied to the articles (I think one of the responses to his rant earlier had links to these).

The same logic of denial can be used about the other claims that have surfaced in connection with these documents and which we only receive limited information about.

Rolf Weber is just stuck on that claim about Google and likes to call it a lie (why such an emotionally loaded term?) without providing any new information on the issue.

Jan Doggen October 17, 2013 10:01 AM

How about worsening the spam problem by all BCC-ing our emails to NSA email addresses? With the usual disclaimer about ‘intended recipient’ of course.

Dirk Praet October 17, 2013 7:32 PM

@ Rolf Weber

You cannot document something that doesn’t exist.

Interesting. You have just nullified several thousands of years of religious debate.

Redundancy is ok, but this has nothing to do with the fact that nobody runs a high-risk attack when he can achieve the same goal comfortably.

I don’t see how eavesdropping on http and other clear text traffic constitutes a high-risk attack. Any lamer with a basic working knowledge of Wireshark can do that. It’s not exactly a precious 0-day, and the NSA would actually be quite stupid not to do so as these data flows are essentially up for grabs once you’re sitting on a backbone.

I discussed this here before, see
https://www.schneier.com/blog/archives/2013/09/another_schneie_3.html

Rolf, you’re barking up the wrong tree. There was exactly no one on that thread buying in to your arguments. Nobody can prove that Snowden was telling the truth about “direct access”, but I would say that the man at least has some credit, even if we haven’t seen any specific document yet as to that claim. On the other hand, neither are you offering any direct proof that he is lying. All of your arguments in a courtroom would get thrown out as speculation, conjecture and hearsay, and that’s exactly how they were interpreted by the folks who read up on your document. So please stop obsessing about it and come back when you can make a more convincing case.

Wael October 17, 2013 9:26 PM

@ Rolf Weber,

Give it up, Rolf!

You cannot document something that doesn’t exist.

Sure we can! We can document future plans, that do not currently exist, and may never take place. There you go! A counter example.

@ Dirk Praet

Interesting. You have just nullified several thousands of years of religious debate.

Keep playing with the piraña 🙂

Mike the goat October 17, 2013 9:49 PM

Wael: hmm…. Does Rolf work for the NSA or something? I would suggest that Snowden is very credible. He wouldn’t have been persued so vigorously had his disclosures been bunk.

Wael October 17, 2013 11:40 PM

@ Mike the goat

I doubt he works for NSA. Maybe we can get him to post a couple of pictures, and you can tell me in which library he operates? It maybe the Bundesnachrichtendienst library 😉

Snowden? I don’t know what to believe…

He wouldn’t have been persued so vigorously had his disclosures been bunk.

Not necessarily! What if that’s part of the game?

Mike the goat October 18, 2013 8:18 AM

Wael: I can tell you with certainty that uh, our friend who is staying as a guest of the Ecuadorians yet not in their country per se (trying to avoid this coming up on a Google search) isn’t who he seems to be and his vigorous perusal is all a big game. I have known of the guy for a long time as far as back as when he was running a dialup shell account service called sub-bia-urb (transpose set 3 and 2) DOT net in the early 90s. He got done for computer crime and faced federal time in an Australian federal prison. A deal was put on the table – help us and we will make the prison time disappear. He agreed and indeed received a govt paycheck for a time. I can definitively confirm that he worked with A-I-S-O (subst 2 and 3). I lost contact with him (he occasionally attended a university special interest group as well as a Linux user group but generally shunned publicity. Many in the scene regarded him as schizophrenic and/or delusional) and heard nothing about him until he was suddenly in the news re wikileaks. This surprised me at the time as I heard that he had worked WITH the NSA on a collaborative project. My suspicion is that wikileaks may be a honey pot. It is also possible that he turned on his employers. Really quite surprised that none of this has come out. If you do some digging on the web archives, Usenet (aliases he used were me AT the domain I spoke of earlier, and check the pgp key servers as there is a trail, there was also a Swinburne university address too… At the time he was living in a property in Carlton in Victoria, Australia .. Grattan st if my memory serves me right) you will find substantiating information.

I never liked the guy. I met him on a few occasions, hell he even signed my old PGP key but he wasn’t a pleasant kind of guy. Loved to talk about himself. That said I have obfuscated some of the info here so at least people can’t find it in a casual Google search. I think that’s only fair.

So the bottom line is if I had betrayed one of the Five Eyes countries I sure as hell wouldn’t be submitting the data to wikileaks. I know at least one original member of wikileaks who came to the same conclusion and left the organization.

Oh, and another thing you may not know – our friend in England was quite famous in 2600 circles in AU/NZ around the early 90s as he wrote one of the first reliable credit card number generators. It reportedly cost the Commonwealth Bank a lot of money. Yes I had business in that part of the world between 1990 and 1999 so this info is first hand.

Okay, back on topic: indeed it seems I have a penchant for identifying library computers! 😉 I take a lot of notice as visual displays are a novelty when you are an internet enabled goat (my horns are MiMO HSPA+ antennas if you look carefully).

Skeptical October 18, 2013 9:21 AM

Well, there’s something to Rolf’s point which I don’t think is answered by a desire for redundancy or different jurisdictions. Some of this – a lot of this – depends on what one means by “direct access.” If it means unfettered access to a company’s information systems, then this type of messy, time/resource consuming collection probably indicates that the NSA doesn’t have direct access. If however “direct access” simply means a service that facilitates the process of securely sending data that is subject to a lawful request by the government, then I do not think that this collection indicates that NSA lacks “direct access.”

The jurisdictional issue is a problem for a company that is attempting to comply with the laws of all relevant jurisdictions. Company X receives a lawful request for information from Government A in Nation A, but the request involves Company X employees who live and work for a subsidiary in Nation B. The extent to which Company X must comply with the information laws of Nation B, even if they conflict with the lawful request from Nation A, can be tricky for a multinational. Plenty of articles about this in connection with litigation in the United States that involves companies with employees and affiliated entities in the EU.

However, this would not necessarily be a problem for an intelligence agency with unfettered access to Company X’s system.

So I think Rolf is correct that this revelation casts further doubt on unfettered access, but I do not think it casts doubt on more limited forms of data connection.

Figureitout October 18, 2013 9:46 AM

Mike the goat
–Well, not a library, more of a computer lab underground. You should come check it out, any member of the public can get in and wait for someone to leave their logon exposed and you got an account. Walk around w/ a goat and I’ll know it’s you…lol. Interesting info Re: leeks of wick-e (avoid google search lol); you really can’t trust anyone so I guess me saying I have no connection w/ feds in any way doesn’t mean much.

Wael
–If I really cared about being identified I wouldn’t even be on the internet (well by my own choice, you can have physical pictures of you put there w/o your consent). I’m pretty sure I got your identity down, baby. Maybe you know me? 🙂

Mike the goat October 18, 2013 11:46 AM

Figure it out: don’t worry I made a big opsec stuffup before. I would be a lot more careful if I was in serious danger.

Mike the goat October 18, 2013 12:28 PM

Figureitout: speaking of using other people’s sessions a few years back before Facebook started using SSL by default we used to have a lot of fun. I had a 20dbi parabolic wire mesh 2.4ghz antenna and an antenna rotator I got cheap from a ham swap meet. I put it up on our TV antenna pole and ran the 50 ohm coax and the antenna rotation stepper wires down and into my home office. So I ended up using facesniff and some nice little python scripts and a 24xGPIO USB board I got off eBay.

I connected up the “step left”, “step right”, “step up”, “step down” and “return to center” switches to the relays by just unsoldering the pushbuttons and just soldering some hook up wire over to my relay board.

The USB GPIO board just presented as a ttyACM device on Linux and you could just issue commands like gp1=1 or even gp1=1,2 to switch GPIO pin 1 high for two seconds in the case of the second example before setting it low again.

Anyway I modified Kismet a bit and ended up getting a nice little database that had, instead of gps locations for each SSID found it had antenna rotator settings.

I wrote a little daemon to move the antenna that listened on a FIFO for commands. The L/R had 16 steps of movement and the up down tilt had 4 steps of movement. The third axis could rotate the entire antenna’s polarization. We didn’t bother with that as our dish was not really polarized and we got the same results no matter how it was polarized.

Anyway our scanner would start from the far left (with tilt at 2 – normal) run kismet for a few minutes, if it found any WEP networks generate tons of traffic to capture enough IVs, otherwise try a WPS reaver attack, if it got a WPA auth packet it would keep that too for later cracking. Anyway it would then go to pos 2 and so on. Once it did the whole plane it would repeat with the tilt on a different setting. It took about six days but we finally had stacks of networks mapped.

Some of the networks were as far as 18 miles away (often the SSIzD would give the location away). Anyway we figured we would have some fun. We figured an attack would result in a rapid reconfig to security (or from wep to wpa2) so it was two pronged. We made a postscript file of a dionsaur talking saying “Trex loves your WiFi” and any printers we could elucidate using samba tools we pumped it into the lpd 9100 port. The second attack used facesniff to get a session id for an active Facebook session. We would then use the active session to add one of our buddies as a friend with the text “I want you. I saw your advert for good times.”

Our buddy got 300 new friend requests and the printer behavior made it to the local newspaper.

Of course we could have used ARP proxying to MITM internet banking etc. but this wasn’t a malicious attack, just a bit of teenage fun. We singlehandedly drove adoption of WPA2 in our city that fun summer.

Rolf Weber October 18, 2013 1:19 PM

@Skeptical
Of course I could imagine such a “direct access” as well. We know from Snowden’s documents that the authorities can enforce real time notifications, so of course some kind of an interface is possible.

But this is not what the press suggested and what Snowden claimed: An unrestricted direct access to the backend servers.

Figureitout October 18, 2013 1:54 PM

Mike the goat
–I have stopped my opsec so the spies/feds will just leave me alone; I wouldn’t be posting screen shots of pumpkin butts and my college if I cared lol. It’s finally starting to work; many of the agents are moving on finally. The fact it took them so long to determine I was not a significant threat made it clear to me they are incompetent and not really protecting us. I have a few other “hunches” but they are a tad extreme but if they are true, then wow I wonder how much other damage these psychopaths have done.

Re: Hackery
Lol, nice, you a ham? You would probably really like digital radio, fldigi is on linux now. I was trying to be a “suburban gansta” when I was a teen, retarded. As of now, I’m taking more to building up some basic circuits/components (got my mind set on an opamp now); I’ve got a boatload of toys to last me a long time. Speaking of toys, that damn target cash register did it again (“Thank you, come again!”) so I’m taking it apart and then trashing it. I’ve thought of being a real dickwad to my neighbors; jamming wifi for the neighborhood, maybe change their t.v. channels in a loop (got an IR led and receiver now); but I’ve resisted that urge and under surveillance they would charge me or steal my hacks.

Wael October 18, 2013 2:34 PM

@ Figureitout

Glad you did not leak your identity by mistake, I was feeling kind of guilty.

I’m pretty sure I got your identity down, baby.

Daisy if you do!
— Doc Holiday, Tombstone.

Maybe you know me? 🙂

I doubt it…

Figureitout October 18, 2013 4:12 PM

Wael
–Yeah no mistake, so many “good” agents have though; it’s ok, free training from me…oh and still no email from you. 🙁
I don’t doubt it, so agree to disagree. I come in peace so long as you do.

Nick P October 18, 2013 4:44 PM

@ Mike the Goat

I think the guy you speak of wasn’t a honey trap. He embarrassed and infuriated DOD, the Feds, contractors, and even the ultra powerful banks. The banks eventually did his ass in if I remember. His success, their failures and his current situation indicates his operation was probably legit. Plus, I can’t see what they would get out of it considering it was US govt most at risk and they would be propping up a huge threat to themselves.

That said, Wikileaks might have had a side goal of making one guy money. Dude was a crazy, self-absorbed prick. It’s why I didn’t join their effort although there were some fun technical challenges in there. His main partner seemed OK I just didn’t think his own later effort would accomplish anything after seeing what happened to Wikileaks. I didn’t think it was worth the risk to help him. I think their operation failed completely.

@ figureitout, Wael

” I’m pretty sure I got your identity down, baby.”

And I’m pretty sure I got his employment history and a patent filing on top of that. 😉 Wael’s record shows a history of engineering talent. Unsurprising considering my past conversations with him.

Wael October 18, 2013 5:30 PM

@ Figureitout,

oh and still no email from you. 🙁
I don’t doubt it, so agree to disagree. I come in peace so long as you do.

I am a man of principles (security and otherwise). Don’t expect an email from me. We settled that a while back with Nick P and Clive Robinson[1]. I do keep my word, and I intend no harm to anyone.

@ Nick P,
My linkedin profile went un-public. Keep the information for your eyes only. Thanks for the kind words, I certainly don’t deserve them…

[1] Sorry, Nick P for bringing up an old chat. Still working on the limerick 🙂
https://www.schneier.com/blog/archives/2012/07/friday_squid_bl_328.html#c821974

Clive Robinson October 18, 2013 6:42 PM

@ Wael,

The link you have posted reminds me of a couple of things,

Firstly your words can come back to haunt you, as in your case,

    Sometimes chatting over private channels is boring and gives you a false sense of privacy — You know, you might as well make it easier for them® and write in the open. Kiss privacy goodbye 😉

Made me wince on re-reading as did both @Nick P’s and my own. We wrote those words a year befor Ed Snowden’s revelations. And because we are cautious folks (OK we looked Paranoid but as the saying goes …it doesn’t mean they arn’t out to get you) and had thought through what was possible technicaly we were acting cautiously.

The second point is though we now look like bona fide “futureologists” which is not good. It actualy hurts to be proved right because of the harm done by the TLA’s. It’s not a case of “innocence is bliss” but “thinking the worst of people” as an abstract thought about where technology could lead and then finding your darker thoughts are normal and everyday for these people. And the “peace dividend” from the cold war is, we are not as it was then, in the castle looking out but are now the enemy within, and as with prisoners our every movement watched and recorded in the great panoptican our societies have become.

There is a saying about the three sign posts to disaster, the first is only visable with hindsight, the second only seen by the wise and the third seen by all.

Those corner of the eye glimpses of sign posts that most don’t see are getting more and more frequent the older I get and it’s not nice. Because you get that back of the head thought, am I just seeing the future or am I making the future.

Nick P October 18, 2013 7:19 PM

@ Wael

” Keep the information for your eyes only.”

Naturally. It’s why I didn’t say what the source was. Common courtesy.

“[1] Sorry, Nick P for bringing up an old chat. Still working on the limerick :)”

I was kinda harsh in the old debate. I apologize for that if I haven’t already.

Re limerick

Go for it haha. Only thing is Nantucket ain’t got nothin’ on where I’m from, buddy. We hardcore out here. I’m sure I’ll eventually slip and give it away, then you’ll have your perfect limerick. 😉

Mike the goat October 19, 2013 12:34 AM

Wael: I wouldn’t feel so bad. I leaked a username of a work colleague (was borrowing a desk) in a URL posted to a security forum the other day and I should have been more careful. Seems good opsec is easy in theory but hard in practice particularly if you begin with no privacy requirement and later decide you require it… as we know data never goes away.

Nick: well, a crazy self absorbed prick who once had TS clearance. Funny that they never mentioned the aust intelligence angle in the news eh? Wonder why?

Figureitout: yeah I used to have quite an interest in radio. Pissed the neighbors (and city hall) off with a giant latticework tower in the backyard at previous place, haha. I got a letter requesting its removal. Something about requiring permits for levithan structures in an area prone to high winds. Silly city!

Nick P October 19, 2013 1:49 AM

@ Mike the Goat

“who once had TS clearance. Funny that they never mentioned the aust intelligence angle in the news eh? Wonder why? ”

First I’ve heard of it although I admittedly didn’t dig that deep into his background. It would be a ‘funny’ thing, indeed. Might deserve more thought than I’m giving it.

You got any references or evidence with more detail?

Mike the goat October 19, 2013 3:04 AM

Nick: I knew the guy 90s. He faced several years in prison and then “poof” the records are sealed and he is off the hook and working on mysterious “government projects” in Canberra. Can’t validate it, at least on a public forum but when it/if it does come out – you heard it on schneier.com first!

Nick P October 19, 2013 11:00 AM

@ Mike the Goat

Yeah, if it’s validated. Honest or not, he isn’t exactly living the dream right now. 😉

Mike the goat October 19, 2013 1:39 PM

Nick: yeah, I imagine he pissed his bosses off somehow. It figures. The guy is an a**hole. I can partially prove my conjecture if we ever speak outside of these forums.

Completely off-topic. I looked up Fiona Apple on wikipedia as I was curious about the girl after looking at that horrendous squid headpiece she was wearing in the article Bruce linked to. I stopped taking notice of music produced after the early 80s so I had no idea who she was. I dunno if she likes the second paragraph on her wikipedia article. Sounds like something deeply personal to put out there.

Wael October 20, 2013 8:41 PM

@Clive Robinson,

Made me wince on re-reading as did both @Nick P’s and my own. We wrote those words a year befor Ed Snowden’s revelations.

Guess why I didn’t participate in the “movie plot” contest? I would hate to write a fictional story, only to see it materialize in some form or shape sometime in the future!

The second point is though we now look like bona fide “futureologists” which is not good.

True, I think.

Because you get that back of the head thought, am I just seeing the future or am I making the future.

Or, perhaps, is it: Am I like the weatherman, who based on information, some known patterns and science, can predict the weather in the future? Probably that falls under “seeing the future” as well.

Wael October 20, 2013 8:48 PM

@ Nick P

I was kinda harsh in the old debate. I apologize for that if I haven’t already.

You were not as harsh as I was sarcastic. So no apologies needed;)

Wael October 20, 2013 8:54 PM

@ Mike the goat,

I wouldn’t feel so bad. I leaked a username

The difference is that in my case I felt guilty because a person was lead unintentionally to take an action that could have caused him harm.

RobertT October 20, 2013 9:31 PM

@Mike
“Nick: I knew the guy 90s. He faced several years in prison and then “poof” the records are sealed and he is off the hook and working on mysterious “government projects” in Canberra….”

I wouldn’t worry too much about this guy generally speaking these forced marriages fall apart very quickly, but as long as both sides kinda got what they wanted, nobody EVER wants to open those sealed records. As they say in the sports pages your best defense is often a great offense.

The real trouble is you spend the rest of your life wondering if you played the last hand a little too convincingly.

peterk October 20, 2013 10:49 PM

I just bought a new cheap Chinese Android phone. Designed for export with the full suite of Google Apps. I didn’t throw them all out because some are useful, sometimes. I went thru with a couple of tools I’ve got to stop things starting at boot time when I don’t want, and to stop things starting just because another app blinked. I usually operate with wifi and 3G data turned OFF, turning it on only when I want. I don’t maintain a contacts list, I don’t need one, and -they- can work for it if they want it. I must have installed something else unaware that it hooked GoogleServicesFramework. So next morning I turn on wifi, and open a non-Google browser to get a weather map, next thing Google Talk is in my face with a greeting from a family member 10,000 miles away who knows I never use Google Talk, and doesn’t know about the new phone. Worse, there’s also a tab for another family member, said to be “offline”.

Time to head for the hills?

Nick P October 20, 2013 11:04 PM

@ Wael

“You were not as harsh as I was sarcastic. So no apologies needed;) ”

Haha

“Guess why I didn’t participate in the “movie plot” contest? I would hate to write a fictional story, only to see it materialize in some form or shape sometime in the future! ”

It’s happened to me a few times. Fortunately, it didn’t happen for my schneier movie plot. I’m sure the coincidence would be too good for the feds to pass on a SWAT raid. I try to avoid such things. 😉

bob October 24, 2013 7:50 AM

” the NSA has a spam problem…”

If all of us had a screensaver that sent bullshit emails when the PC wasn’t busy, it would help fix the problem. I wonder if I can VOLUNTEER my PC(s) to join a botnet?

Tangential thought: I’ve always wondered if Hormel has a problem sending emails? Or if the government of Nigeria has a problem soliciting people to bid on contracts…

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.