NSA harvesting hundreds of millions of personal email contact lists – report

NSA harvesting hundreds of millions of personal email contact lists – report

The National Security Agency is logging hundreds of millions of email and instant messaging contacts belonging to Americans and others around the world, according to a report based on documents provided by NSA whistleblower Edward Snowden.

The data harvesting program, first reported by The Washington  Post Monday, collects address books from email and instant  messaging service in an apparent attempt to map social circles  across the globe. Online communication services frequently expose  an individual’s contact list when that person signs onto their  account, sends a message, or connects a remote device – such as a  cell phone – to a computer.

An internal NSA PowerPoint presentation indicated that the NSA’s  Special Source Operations collected 444,743 email lists from  Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from  Gmail, and another 22,881 from other services. The documents note  that those numbers show what the NSA collects in one day, meaning  the intelligence agency could collect more than 250 million lists  each year.

The NSA is capable of collecting approximately 500,000 so-called  buddy lists from live-chat services and the “in-box”   displays from web-based email services, according to the Post.

Two NSA sources told the Post the intelligence agency uses the  data to identify international connections and then find smaller,  more nefarious connections between suspected criminals. The  collection relies on secret deals with foreign telecommunication  companies, with NSA agents monitoring internet traffic outside  the US.

The sources refused to estimate how many Americans are snared in  the dragnet but did admit it could number in the tens of  millions. An unnamed official was careful to mention the  collection comes from “all over the world,” and “None  of those are on US territory.”

Shawn Turner, a spokesman for the Office of the Director of  National Intelligence, said the NSA “is focused on discovering  and developing intelligence about valid foreign intelligence  targets like terrorists, human traffickers and drug smugglers. We  are not interested in personal information about ordinary  Americans.”

How the NSA might use Hotmail, Yahoo or other cookies to identify Tor users

How the NSA might use Hotmail, Yahoo or other cookies to identify Tor users

One of the more intriguing revelations in the most recent leak of NSA documents is the prospect that the spy agency is using browser cookies from Yahoo, Hotmail or the Google-owned DoubleClick ad network to decloak users of the Tor anonymity service.

One slide from a June 2012 presentation titled “Tor Stinks” carried the heading “Analytics: Cookie Leakage” followed by the words “DoubleclickID seen on Tor and nonTor IPs.” The somewhat cryptic slide led to rampant speculation on Twitter and elsewhere that the NSA and its British counterpart, the Government Communications Headquarters (GCHQ), are able to bypass Tor protections by somehow manipulating the cookies Google uses to track people who have viewed DoubleClick ads. Principal volunteers with the Tor Project believe such a scenario is “plausible,” but only in limited cases. Before explaining why, it helps to discuss how such an attack might work.

As documented elsewhere in the “Tor Stinks” presentation, the spy agencies sometimes use secret servers that are located on the Internet backbone to redirect some targets to another set of secret servers that impersonate the websites the targets intended to visit. Given their privileged location, the secret backbone nodes, dubbed “Quantum,” are able to respond to the requests faster than the intended server, allowing them to win a “race condition.” Government spies can’t track cookies within the Tor network, because traffic is encrypted during its circuitous route through three different relays. But if the spies can watch the Internet backbone, they may be able to grab or manipulate cookies once the data exits Tor and heads toward its final destination.

A slide later in the deck refers to something called “QUANTUMCOOKIE,” which purportedly “forces clients to divulge stored cookies.” There are multiple ways to interpret such a vague bullet point. One of the more plausible is that the Quantum backbone servers can be used to serve cookies not just from DoubleClick or Google, but from Yahoo, Hotmail, or any other widely used Internet service.