Wednesday, December 3, 2014

The Creepy, Long-Standing Practice of Undersea Cable Tapping

The newest NSA leaks reveal that governments are probing "the Internet's backbone." How does that work?




In the early 1970s, the U.S. government learned that an undersea cable ran parallel to the Kuril Islands off the eastern coast of Russia, providing a vital communications link between two major Soviet naval bases. The problem? The Soviet Navy had completely blocked foreign ships from entering the region.

Not to be deterred, the National Security Agency launched Operation Ivy Bells, deploying fast-attack submarines and combat divers to drop waterproof recording pods on the lines. Every few weeks, the divers would return to gather the tapes and deliver them to the NSA, which would then binge-listen to their juicy disclosures.

The project ended in 1981, when NSA employee Ronald Pelton sold information about the program to the KGB for $35,000. He's still serving his life prison term.
The operation might have ended, but for the NSA, this underwater strategy clearly stuck around.

In addition to gaining access to web companies' servers and asking for phone metadata, we've now learned that both the U.S. and the U.K. spy agencies are tapping directly into the Internet's backbone -- the undersea fiber optic cables that shuttle online communications between countries and servers. For some privacy activists, this process is even more worrisome than monitoring call metadata because it allows governments to make copies of everything that traverses these cables, if they wanted to.
The British surveillance programs have fittingly sinister titles: "Mastering the Internet" and "Global Telecoms Exploitation," according to The Guardian.

A subsidiary program for these operations -- Tempora -- sucks up around 21 million gigabytes per day and stores the data for a month. The data is shared with NSA, and there are reportedly 550 NSA and GCHQ analysts poring over the information they've gathered from at least 200 fiber optic cables so far.

The scale of the resulting data harvest is tremendous. From The Guardian:
This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites -- all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

In an interview with online security analyst Jacob Appelbaum, NSA leaker Edward Snowden called the British spy agency GCHQ "worse than" the NSA, saying it represents the first "full take" system, in which surveillance networks catch all Internet traffic regardless of its content. Appelbaum asked Snowden if "anyone could escape" Tempora:
"Well, if you had the choice, you should never send information over British lines or British servers," Snowden said. "Even the Queen's selfies with her lifeguards would be recorded, if they existed."

The U.S.'s own cable-tapping program, known by the names OAKSTAR, STORMBREW, BLARNEY and FAIRVIEW, as revealed in an NSA PowerPoint slide, apparently functions similarly to Tempora, accessing "communications on fiber cables and infrastructure as data flows past," according to The Washington Post. The slide indicates that Prism and these so-called "upstream" programs work together somehow, with an arrow saying "You Should Use Both" pointing to the two operations.

So how does one tap into an underwater cable?
The process is extremely secretive, but it seems similar to tapping an old-fashioned, pre-digital telephone line -- the eavesdropper gathers up all the data that flows past, then deciphers it later.
More than 550,000 miles of flexible undersea cables about the size of garden watering hoses carry all the world's emails, searches, and tweets. Together, they shoot the equivalent of several hundred Libraries of Congress worth of information back and forth every day.

In 2005, the Associated Press reported that a submarine called the USS Jimmy Carter had been repurposed to carry crews of technicians to the bottom of the sea so they could tap fiber optic lines. The easiest place to get into the cables is at the regeneration points -- spots where their signals are amplified and pushed forward on their long, circuitous journeys. "At these spots, the fiber optics can be more easily tapped, because they are no longer bundled together, rather laid out individually," Deutsche Welle reported.

But such aquatic endeavors may no longer even be necessary. The cables make landfall at coastal stations in various countries, where their data is sent on to domestic networks, and it's easier to tap them on land than underwater. Britain is, geographically, in an ideal position to access cables as they emerge from the Atlantic, so the cooperation between the NSA and GCHQ has been key. Beyond that partnership, there are the other members of the "Five Eyes" -- the Australians, the New Zealanders, and the Canadians -- that also collaborate with the U.S., Snowden said.


The tapping process apparently involves using so-called "intercept probes." According to two analysts I spoke to, the intelligence agencies likely gain access to the landing stations, usually with the permission of the host countries or operating companies, and use these small devices to capture the light being sent across the cable. The probe bounces the light through a prism, makes a copy of it, and turns it into binary data without disrupting the flow of the original Internet traffic.

"We believe our 3D MEMS technology -- as used by governments and various agencies -- is involved in the collection of intelligence from ... undersea fibers," said a director of business development at Glimmerglass, a government contractor that appeared, at least according to a 2010 Aviation Week article, to conduct similar types of interceptions, though it's unclear whether they took part in the British Tempora or the U.S. upstream programs. In a PowerPoint presentation, Glimmerglass once boasted that it provided "optical cyber solutions" to the intelligence community, offering the ability to monitor everything from Gmail to Facebook. "We are deployed in several countries that are using it for lawful interception. They've passed laws, publicly known, that they will monitor all international traffic for interdiction of any kind of terrorist activity."
Slide from a Glimmerglass presentation
The British publication PC Pro presented another theory: that slightly bending the cables could allow a receiver to capture their contents.

One method is to bend the cable and extract enough light to sniff out the data. "You can get these little cylindrical devices off eBay for about $1,000. You run the cable around the cylinder, causing a slight bend in cable. It will emit a certain amount of light, one or two decibels. That goes into the receiver and all that data is stolen in one or two decibels of light. Without interrupting transfer flow, you can read everything going on on an optical network," said Everett.

The loss is so small, said Everett, that anyone who notices it might attribute it to a loose connection somewhere along the line. "They wouldn't even register someone's tapping into their network," he added.

Once it's gathered, the data gets sifted. Most of it is discarded, but the filters pull out material that touches on one of the 40,000 search terms chosen by the NSA and GCHQ -- that's the content the two agencies inspect more closely.

The British anti-surveillance group Privacy International has filed a lawsuit against the U.K. government, arguing that such practices amount to "blanket surveillance" and saying that British courts do "not provide sufficiently specific or clear authorization for such wide-ranging and universal interception of communications." Their argument is that the existing surveillance laws are from the phone-tapping days and can't be applied to modern, large-scale electronic data collection.

"If their motivation is to catch terrorists, then are there less intrusive methods than spying on everyone whose traffic happens to transverse the U.K.?" said Eric King, head of research at Privacy International.

Meanwhile, the British agency, the GCHQ, has defended their practices by saying that they are merely looking for a few suspicious "needles" in a giant haystack of data, and that the techniques have allowed them to uncover terrorist plots.
If groups like Privacy International are successful, it may put an end to the capture of domestic Internet data within the U.K., but as NSA expert Matthew Aid recently told me, since 80 percent of the fiber optic data flows through the U.S., it wouldn't stop the massive surveillance operations here or in other countries -- even if the person on the sending end was British.

It's also worth noting that this type of tapping has been going on for years -- it's just that we're now newly getting worked up about it. In 2007, the New York Times thus described President Bush's expansion of electronic surveillance: "the new law allows the government to eavesdrop on those conversations without warrants -- latching on to those giant switches -- as long as the target of the government's surveillance is 'reasonably believed' to be overseas."

Want to avoid being a "target" of this "switch-latching"? A site called "Prism-break" recently released a smorgasbord of encrypted browsing, chat, and email services that supposedly allow the user to evade government scrutiny.
The only platform for which there is no encrypted alternative is Apple's iOS, a proprietary software, for which the site had this warning:
"You should not entrust neither your communications nor your data to a closed source device."

http://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/
