Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Broke Into Links Between Google, Yahoo Datacenters

Posted by timothy on from the smiley-makes-it-all-ok dept.

barlevg writes "The Washington Post reports that, according to documents obtained from Edward Snowden, through their so-called 'MUSCULAR' initiative, the National Security Agency has exploited a weakness in the transfers between data centers, which Google and others pay a premium to send over secure fiber optic cables. The leaked documents include a post-it note as part of an internal NSA Powerpoint presentation showing a diagram of Google network traffic, an arrow pointing to the Google front-end server with text reading, 'SSL Added and Removed Here' with a smiley face. When shown the sketch by The Post and asked for comment, two engineers with close ties to Google responded with strings of profanity." The Washington Post report is also summarized at SlashBI. Also in can't-trust-the-government-not-to-spy news, an anonymous reader writes: "According to recent reports, the National Security Agency collects 'one-end foreign' Internet metadata as it passes through the United States. The notion is that purely domestic communications should receive greater protection, and that ordinary Americans won't send much personal information outside the country. A researcher at Stanford put this hypothesis to the test... and found that popular U.S. websites routinely pass browsing activity to international servers. Even the House of Representatives website was sending traffic to London. When the NSA vacuums up international Internet metadata, then, it's also snooping on domestic web browsing by millions of Americans."

45 of 394 comments (clear)

  1. sounds like a man in the middle by X0563511 · · Score: 4, Insightful

    ... and I hope that "string of profanity" was directed at the NSA who put it there.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    1. Re:sounds like a man in the middle by fustakrakich · · Score: 5, Funny

      NSA stands for National Security Asshole. You were correct the first time.

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:sounds like a man in the middle by jythie · · Score: 4, Insightful

      "Good" is relative. If nothing else, I am much less concerned at what Google might do with such data.... they can be creepy, they can serve up slightly different ads, but push comes to shove they are pretty limited in what they can do. If nothing else, they have to stay within the law and if they go to far legal force can be used against them.

      NSA? They can do a lot more to hurt you, and you do not really have any recourse against them. Just talking to the 'wrong' person can get you on their expletive list and all of a sudden find yourself locked out of a lot of stuff.

  2. At the risk of stating the obvious... by DoofusOfDeath · · Score: 5, Informative

    Fucking traitors.

    1. Re:At the risk of stating the obvious... by Erbo · · Score: 4, Informative

      English cuss words don't cut it anymore. Perkeleen vittupää. (HT: Linus Torvalds)

      --
      Be who you are...and be it in style!
  3. When will the sheep look up by Todd+Palin · · Score: 5, Insightful

    Slashdotters seem pretty appalled at these revelations, but when will the general public reach the point of disgust? In theory the people of the USA still have the power to change these behaviors through the ballot box. The news just goes on and on. but the outrage seems slow to reach the surface.

    1. Re:When will the sheep look up by Anonymous Coward · · Score: 5, Funny

      Wake up sheeple!

    2. Re:When will the sheep look up by Capt.DrumkenBum · · Score: 4, Insightful

      The only problem is what your choice is between John Jackson, and Jack Johnson or Kang and Kodos or a turd sandwich and a giant douche.
      All depending on which animated series you prefer. :)

      --
      If I were God, wouldn't I protect my churches from acts of me?
    3. Re:When will the sheep look up by Anonymous Coward · · Score: 5, Insightful

      The public doesn't give a damn that the President and Cabinet have been ordering assassinations, torture, or invasion that leads to the deaths of hundreds of thousands of people. Why should they be concerned with a little spying? They are literally more concerned about the welfare of dogs (see Michael Vick), tiny fetuses, and boobies on TV.

    4. Re:When will the sheep look up by Archangel+Michael · · Score: 4, Insightful

      You are under the amusing assumption that ballot boxes change anything. What we are dealing with are institutional government entities that exist apart from any apparatus to effectively monitor and contain them. THIS is the shadow government nobody pays any attention to, until it is too late. And those of us that have warned people for years, have been labeled "kooks" and "loons".

      Oh, and this is just the surface they are allowing you to see. It is much much worse than you can possibly imagine.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    5. Re:When will the sheep look up by cdrudge · · Score: 5, Funny

      Speak for yourself. I don't care about dogs or tiny fetuses. I DO care about boobies on TV. There should be far, far more of them, preferably exposed in one form or another.

    6. Re:When will the sheep look up by QRDeNameland · · Score: 4, Insightful

      I think the public figures "if I'm not doing anything wrong, why should I care about spying".

      Part of the problem is that they remain ignorant and/or unconcerned that recent history is filled with examples of surveillance on people who were "not doing anything wrong"...well, other than expressing opinions unpopular with those in power. (MLK being perhaps the most famous example.) Unless one thinks that pesky activists of whatever political stripe don't serve any useful purpose to society or even one's own personal interests, there is much more to be worried about than just whether or not they're spying on *you personally*. That aspect seems to get lost in this debate.

      So instead of "if you have nothing to hide, you have nothing to fear"...it should be more like "if you have nothing to *say* and don't care about others who might have something to say, well, then you have nothing to fear...maybe."

      --
      Momentarily, the need for the construction of new light will no longer exist.
    7. Re:When will the sheep look up by plover · · Score: 5, Insightful

      I think Snowden and the Grauniad are managing this very carefully and deliberately. Instead of dumping 100,000 powerpoint decks on an already jaded world, they're publishing a new menace every month. So instead of a transient explosion of anger (that the NSA is bracing for, and expecting they'll be able to manage), there is a seething resentment that's slowly building over time. First, people with cell phones got mad, and resentful. Then Merkel got mad, and got the EU all torqued. Today, people who use Google are getting mad. Next month, it'll probably be how they read every message and contact in iCloud, making all the Apple users mad. At this rate, everybody is going to take turns feeling violated a couple of times each over the next year or so.

      With this schedule, the administration has to squirm and dodge and apologize every time the spotlight twitches. Even the left no longer trusts the words the President speaks these days, because he's so busy spitting out weasel words defending this out-of-control agency. My guess is there's still a really big expose yet to come that will reveal the NSA did something truly damaging to our democracy with this info, like they rigged a Federal election, or a Supreme Court assignment. And by then Congress will be facing an angry public demanding that they not only react, but over-react.

      As a matter of fact, they're releasing this information so carefully orchestrated that I have to wonder who is guiding them. How would Snowden know exactly how to publish this data to maximum effect? He's a sysadmin, not a PR expert. This seems more like one of the successful KGB misinformation campaigns of the 1970s and 1980s.

      --
      John
    8. Re:When will the sheep look up by Jason+Levine · · Score: 4, Funny

      At this point, Nixon's head on a giant killer robot body might be a good choice. "Cyborg Nixon: Because he doesn't seem so evil by comparison."

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    9. Re:When will the sheep look up by mu51c10rd · · Score: 4, Insightful

      This is because the US major news outlets are not covering the leaks much. Check out MSNBC, Fox News, CNN, or any major outlet...and nothing. The people only get outraged when their particular partisan talking head tells them to. I find the best coverage on the leaks is from the UK Guardian. Certainly not here in the US.

    10. Re:When will the sheep look up by bill_mcgonigle · · Score: 5, Insightful

      That's exactly what the journalists he gave it to know, or are supposed to know.

      Your average FoxNNBC reporter won't, but Greenwald is smart as hell about politics (I've been reading his blog for years and it always felt like the good kind of homework) plus he's teamed up with Poitras, Scahill and others who fit the same mold, and now he just got a quarter billion dollars to work with. Oh, and the people he's been writing about recently held his fiance hostage.

      Let's just put it this way - the Snowden briefings in October 2014, right before the mid-term elections, are going to make your ears bleed. If an NSA apparatchik is up for a primary election in the Spring, expect some juicy ones then, too.

      Remember, the NSA has enough information to blackmail almost everybody in the Westernized world (and then some).

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    11. Re:When will the sheep look up by AmiMoJo · · Score: 5, Insightful

      Perhaps more appropriate.

      People do care. That's why high up people in the government and NSA have been making public appearances to justify what they are doing. If no-one cared they wouldn't bother. The real problem is that everyone is largely powerless to do anything about it.

      In a couple of years an election will come around, and whoever you vote for they will carry on spying on you.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. "secure fiber optic cables" by PolygamousRanchKid+ · · Score: 5, Insightful

    Nothing is "secure" any more. "Secure" is now a one word oxymoron.

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  5. Terms of Service violation by cohomology · · Score: 5, Interesting

    This news is very serious, but sometimes humor is the only possible reaction to bad news.

    This is a violation of Google's Terms of Service. I hope Google cuts off all access from .gov and .mil domains.

    --
    Don't mess with The Phone Company. Piss them off and you'll be using two tin cans and a piece of string.
  6. NSA denies everything by barlevg · · Score: 4, Informative

    http://www.businessweek.com/news/2013-10-30/alexander-denies-nsa-infiltrated-google-to-yahoo-servers

    1. Re:NSA denies everything by msauve · · Score: 5, Insightful

      âoeNSA does collect information on terrorists and our national intelligence priorities but we are not authorized to go into a U.S. companyâ(TM)s servers and take data,â Alexander said.

      So, they claim they don't break into servers. So what? That's entirely different than tapping the links between the servers. And you can bet he knows the difference.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    2. Re:NSA denies everything by 93+Escort+Wagon · · Score: 5, Insightful

      PARSE THE WORDING, DAMMIT.

      Alexander did NOT say they didn't do it. He said "we are not authorized to go into a U.S. company’s servers and take data" (emphasis mine). That's a completely different statement.

      To me, that looks to be specifically designed to avoid lying without answering the question - such as when Obama answered the question about bugging Merkel's phone with "we are not recording her conversations and will not in the future". Fortunately, in that case, the press noticed the subterfuge and followed up with a question he wouldn't respond to ("Did you, in the past, ...").

      --
      #DeleteChrome
    3. Re:NSA denies everything by reebmmm · · Score: 4, Insightful

      Here are my questions: why do they always talk about "authorization" when making denials? And why don't reporters call them out on it? This story is a classic example:

      “NSA does collect information on terrorists and our national intelligence priorities but we are not authorized to go into a U.S. company’s servers and take data,” Alexander said.

      That's great and all. But it's like a shoplifter saying, "sure I went into the store and looked around, but I wasn't authorized to take anything."

    4. Re:NSA denies everything by jandrese · · Score: 4, Informative

      Calling them out on lies or pushing for followup information is how you lose your White House Press Pass.

      --

      I read the internet for the articles.
  7. Re:I'm for this by CanHasDIY · · Score: 4, Insightful

    No one knows how many terrorist plots that have been adverted due to this. Just think back at the Boston marathon event. We should be grateful that we have not had more of them for the past decade. A lot of people forget this.

    You forgot your <sarc> tags.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  8. Re:Why the secret data collection? by barlevg · · Score: 5, Informative
    Read this: http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/30/prism-already-gave-the-nsa-access-to-tech-giants-heres-why-it-wanted-more/?hpid=z1

    There are some obvious reasons: The operations take place overseas, where many statutory restriction on surveillance don't apply -- and where the Foreign Surveillance Intelligence Court (FISC) has no jurisdiction. In fact, the FISC ruled a similar, smaller scale program involving cables on U.S. territory illegal in 2011. So if the NSA decides to harvest that data on foreign soil, it can skip most of the oversight mechanisms.

  9. Re:As long as you make the distinction between by CanHasDIY · · Score: 5, Insightful

    Americans and us dangerous foreigners, expect no sympathy. One does not have to believe in Karma to know that you deserve the domestic spying.

    By that same line of thinking, one could also say that you deserve to be spied upon and drone-striked, due to your blanket, wholly uninformed generalizations about Americans.

    I wouldn't say that, because I'm not an egocentric dick... but someone could, and it would be just as invalid and moronic as your hypothesis.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  10. Re:what's taking so long by 0123456 · · Score: 4, Funny

    Is there some reason the NSA is still around?

    Yes. They have a file on everyone in Congress.

  11. US Marketing Ploy? by barlevg · · Score: 4, Interesting
    From this article, an interesting rationale for why they would use MUSCULAR when they have PRISM:

    There are some obvious reasons: The operations take place overseas, where many statutory restriction on surveillance don't apply -- and where the Foreign Surveillance Intelligence Court (FISC) has no jurisdiction. In fact, the FISC ruled a similar, smaller scale program involving cables on U.S. territory illegal in 2011. So if the NSA decides to harvest that data on foreign soil, it can skip most of the oversight mechanisms.

    We've seen a lot of articles recently about people demanding companies not host their data in the US so that they're not subject to PRISM. But if PRISM has more oversight than MUSCULAR, and MUSCULAR is only allowed to be used OFF of US soil, then it seems like the safest place for your data is in the US, after all.

  12. Re:I'm for this by Anonymous Coward · · Score: 5, Insightful

    Hello, NSA shill! Let's be honest here. That's quite right. Exactly: no one knows how many. You know something else? It doesn't even MATTER how many: the ends DO NOT justify the means!

    This, what you're doing here? This is state-sponsored terrorism! This is completely off limits. You're way, way out of line. You need to look in the mirror and realise that Snowden has more integrity in his big toe than you have in your whole body. Stop making excuses. Shut these operations down. Publish details of any vulnerabilities you know about, including ones you've created or discovered. It's unethical not to: and it's quite frankly extremely damaging to national and international security not to. And we'll fix them, because we can't trust you to.

    At this point I'm not worried about blithering crazy idiots waging "war" on us with half-assed bombs: I'm worried about our own governments waging "cyber-war" on us with billion-dollar budgets. It's obvious with a moment's thought which one the greater threat is, and I'm sorry, but it's not the frothy-mouthed jihadist who's actively sabotaging efforts to secure critical internet and other infrastructure. It's YOU.

    People should not have to be afraid of their governments. But they do. We're not interested in your feeble justifications. Freedom IS worth human lives: it always has been. Operations like this make the sacrifices of those who gave their lives in years long past to ensure you have at least the promise of freedom utterly meaningless, and turn our own governments - quite literally - into our adversaries. You should be ashamed of yourselves. That has to stop. It has to stop now. And it has to stop no matter what the cost, no matter what the trade-off.

    Given the hard choice between anybody having privacy and nobody having privacy, even if it means sitting down and redesigning baseline security protocols and the internet at large, I'd rather make the right choice than the easy choice. It's time to roll up our sleeves and start fixing this mess, and you're not invited to the party.

  13. Re:what's taking so long by Mordok-DestroyerOfWo · · Score: 4, Insightful

    Is there some reason the NSA is still around?

    Yes. They have a file on everyone in Congress.

    Not to mention that most of my fellow Americans are too poopy-pants afraid of teh terroristz to ever allow that to happen. If anybody in Congress tried to dismantle the NSA, you'd better believe that their next opponent would label them "soft on national security". That could be enough to swing many elections, thus you'll never see it done.

    --
    "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
  14. Re:I'm for this by lister+king+of+smeg · · Score: 5, Insightful

    Yes exactly look back to the Boston bombing.

    At the Boston bombing we had two countries telling us to watch the bomber that he was radical and potential terrorist, his youtube channel was full of sermons by Muslim extremist clerics.

    And what happened... Big Brother did nothing.

    Meanwhile the NSA agents are using their dragnet of all of the worlds communications to do what? Loveint, the NSA agents are using their wiretaps to spy on their loved ones, neighbors, crushes, and anyone they want.

    So we are left with two options the Government let it happen or the are to incompatent/preoccupied getting their rocks off to be allowed near their own dragnet.

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  15. Re:I'm for this by BradMajors · · Score: 5, Interesting

    There is a third option. The NSA is not looking for terrorists. They are doing all this monitoring for other purposes.

  16. Re:I'm for this by istartedi · · Score: 5, Funny

    we had two countries telling us to watch the bomber

    They should have e-mailed eachother. Then we would have caught it.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  17. Re:Why the secret data collection? by Arker · · Score: 4, Insightful

    "In fact, the FISC ruled a similar, smaller scale program involving cables on U.S. territory illegal in 2011."

    Exactly. The defenders of this nonsense want that little bit to get skipped and forgotten.

    There is no question this is illegal, they dont even have a tiny fig leaf of being able to argue they thought it might be legal. It's illegal, even the FISA "court" refused to agree to this.

    So they just did it anyway. Sounds to me like despite all the noise about 'oversight' adult supervision is exactly what has been missing.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  18. Re:I'm for this by Arker · · Score: 5, Insightful

    Terrorists?

    Why would they try to stop terrorists? The sooner there is another successful attack the sooner their budget gets doubled.

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  19. Re:I'm for this by Jason+Levine · · Score: 4, Insightful

    No, all the terrorist plots that never were are thanks to my Anti-Terrorist Rock. It protects against terrorists within a 1,000 mile radius with a 90% accuracy rate. I got it when my Anti-Tiger rock so effectively protected me against tiger attacks (in New York). Sadly, I lost my Anti-Government-Overreach-Of-Power rock. I really could have used that one.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  20. Report the NSA to the RIAA by tekrat · · Score: 5, Insightful

    Technically the NSA has been downloading copyrighted material, and very likely has more than a few MP3s of popular songs filed away in their datacenters.

    I suggest we lobby the RIAA to sue the NSA for $10,000,000,000,000,000 because that's what 50 or so songs are worth, so they say.

    The only trouble with this strategy of course, is that I don't know who to root for. The enemy of my enemy is my friend? No, the enemy of my enemy is still my enemy dammit.

    --
    If telephones are outlawed, then only outlaws will have telephones.
  21. Re:I'm for this by harvestsun · · Score: 4, Insightful

    I would rather have freedom than a reduction in terrorist attacks.
    However, it doesn't matter how I feel, it matters how the people feel, because this is a democracy.
    But a democracy doesn't work when the government makes decisions in secrecy; that's the real problem.

  22. Warrantless Land Line Tapping = Const. Violation by MarkvW · · Score: 5, Funny

    The Supreme Court is really clear on this. If you tap a land line without a warrant, you violate the Constitution.

  23. Re:I'm for this by Impy+the+Impiuos+Imp · · Score: 5, Insightful

    There are other, far greater dangers than a Boston, 9/11, or even "mushroom cloud". Namely, collapse of freedom in the US via decades-long slippery slope. Once the tools of a 1984-like tyranny are built, with nothing but "you are supposed to get a warrant" stopping G. Gordon Liddy types from spying on political opponents, it's all over.

    It's the lack of real, detailed oversight, uncorruptible, reviewed logging of all queries, and so on, which we need, and which will bring an end to the need to "trust us".

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  24. Re:Wrong, choice is between who will get noticed by Trogre · · Score: 4, Informative

    Oh my goodness. How can someone entirely miss the whole point of the Kang/Kodos election, or Douglas Adams' lizards? The point, which you appear to have somehow totally missed, is to highlight the folly of a two-party system.

    The problem is not people voting for the wrong lizard, it is people voting for one of the two lizards IN THE FIRST PLACE.

    So long as Democrats and Republicans continue to be rife with corruption, your civic duty is to vote third party.

    Otherwise you really are throwing your vote away.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  25. Re:Reap what you sow by swillden · · Score: 4, Informative

    Google (and the others) shrugged and played nice with the NSA, to what extent we don't know.

    Google hasn't "shrugged and played nice" with the NSA. Google has flatly and emphatically denied any cooperation. And after the Snowden disclosures began, Google started taking a hard look at internal operations to see if there's anywhere that the NSA could have gotten unauthorized access. The result was a crash company-wide initiative to encrypt all data communications -- specifically to ensure that connections between data centers couldn't be tapped.

    (Disclaimer: I'm a Google software engineer, focused on security infrastructure. I do have a great deal of insider knowledge about Google security infrastructure, but all of the above is from Google's public statements.)

    I wonder if Google can sue? And if they can, will they?

    Google has file a suit to be allowed to disclose the extent of the legal, government-required information sharing. I have no idea if they could sue for any illicit taps. There is no doubt in my mind that if they could sue for damages with some hope of success, they would. This is my own opinion, not an official statement.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  26. Re:The post-it note by swillden · · Score: 4, Informative

    No you fucking moron, it means since there is no Encryption inside the "google cloud" (because it is added at the border) when they tap the links between data centres (those squares "inside" google are data centres) they get full unencrypted information.

    They don't need to break encryption to do this, since google isn't encrypting the private fibre lines the NSA is tapping.

    Correction: Google wasn't encrypting the private fibre lines. Google announced a month or two ago that they're now encrypting all traffic in transit, even inside.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  27. Re:Government vs. Corporations by psithurism · · Score: 4, Insightful

    Google is a less restrained than government. Google can limit your life a lot more than the NSA can.

    I suppose, hypothetically, if Google execs really wanted to make me disappear, they have enough money to hire people to make it happen, but you have to be pretty far out there to think that Google founders have it in for you personally. If Google isn't making a profit from me, they could terminate all my accounts and sell all my data, but to do anything more would dig into their profits, so they won't.

    On the other hand, The US Gov has put away several people I know for drugs, frequently after investigating them on totally bogus, unrelated charges. So I've seen people's data abused by the government for more than the targeted adds Google would have sent them. And this is not even mentioning all the time and money non-convict people I know have had to sink in defending themselves from damning scraps of data.

    The NSA, by law, can't even enforce laws in the US

    Yeah, they wouldn't enforce anything, they can just turn over their data to agencies that could enforce within the US borders. E.g.: http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/05/the-nsa-is-giving-your-phone-records-to-the-dea-and-the-dea-is-covering-it-up/

    the NSA could only tap foreign data centers

    1) I accidentally made the horribly unpatriotic blunder of meeting and making friends with some of the six and a half billion people who live outside the US. Some in a public high-school no less!

    2) Unfortunately for the good patriots, who did a better job of shunning the dirty foreigners, the internet is pretty fuzzy on borders and as the summary points out, data is often sent to information centers outside the US even if it is just returned unaltered, back inside.

    3) I have never paid attention to the geographic location of my web-surfing before and I suspect neither have you. Are we sure even Slashdot has all it's data centers in the US? Many of the liked articles aren't, so I'm sure they got some good meta data on the two of us accessing leaked documents published by foreign agencies.

    Really, in the side of Government vs. Corporation, the only side that represents YOU is Government.

    Depends what the conflict was. Normally, yes, in healthcare, employment rights, unconscionable EULAs, etc, these are situations where the government needs to kick corporate ass on my behalf. This situation on the other hand, the government is not protecting me from the corporations; the government is coming after me. Even if the corporations only want to protect me to ensure their profits, I don't care. Right now they are on my side.

    Now, if Google was caught tapping the NSA to get my personal info, then I'd be pissed at Google, not the NSA.

    Without government, Corporations would, literally, have you as slaves.

    This is true, but from here on out, you really left the situation at hand to talk about political movements I'm not familiar enough with to comment on but I'm thinking 30% chance you are going to reply to my post with "Sarcasm, moron: learn to detect it!"