NSA Domestic Internet Spying

Well, well, isn’t this interesting.

Wired News is reporting that a former AT&T technician named Mark Klien has come forward to support the Electronic Freedom Foundation’s lawsuit against AT&T for its alleged cozying up to the National Security Agency and allowing the NSA to tap fibre optic lines inside of AT&T facilities.

Recall that the major communications companies allowed the NSA to copy tapes of overseas traffic for years, so it shouldn’t be a surprise that this sort of stuff is still going on.

A little bit of Googling comes up with some more details.

Klein stated that the circuits involved were the Peering Links, which connect Worldnet with other networks and hence the whole country, as well as the rest of the world.   

So what is a Peering Link?

Here’s one description.

Remember that Internet is a networks of networks. These networks are connected either transit or peering. If you are a small network (e.g. home or office), you are likely to buy transit from a service provider (e.g. subscribe to a broadband, or leaseline etc). Your service provider would buy transit from a larger service provider and so on. But as you reach the top with all the Tier-1 ISPs, who do they buy transit from? They aren’t going to buy transit from each another…so they peer. They exchange their routes so that their customers can reach each another but (usually) no money exchanged.

So Peering means that the largest regional internet providers hook up with each other to save some bucks on transit fees. Seems a place where Peers link up would a good place to hook up in order to snatch a bunch of traffic off the internet.

Klein further states that one of the pieces of equipment installed in that secret room where they’ve taped into the internet is Narus STA 6400 “Semantic Traffic Analyer.”

Klein says,

“One of the documents listed the equipment installed in the secret room, and this list included a Narus STA 6400, which is a "Semantic Traffic Analyzer". The Narus STA technology is known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets. The company’s advertising boasts that its technology "captures comprehensive customer usage data … and transforms it into actionable information…. (It) provides complete visibility for all internet applications."

Well, what does the Narus website have to say about all of this?

Here’s part of what they say,

To succeed with next-generation services, carriers need to market well-designed packages of services, with innovative pricing plans, and a variety of payment models. But that calls for a mediation solution that lets carriers and service providers track and meter a wide spectrum of services and proactively enforce multiple billing and usage policies at the same time. Legacy systems don’t have that kind of capability. The Narus mediation products are the first to provide data collection with the enforcement capabilities carriers need to effectively meter and charge for high-profit services based on their value. These services include mobile Internet, Voice-over-IP (VoIP), peer-to-peer file sharing, bandwidth on demand, and messaging. Narus solutions help service providers make their businesses more profitable by collecting and analyzing extremely detailed information about the service usage for each individual customer, in real time. The information is captured directly on the wire, or from the network elements themselves, and can be analyzed for virtually any metric including connect time, content, or activity. This allows the service provider to accurately bill for services by any parameter, enforce usage policies, detect and respond to service abuse, and support a wider range of service packages and options.

Narus offers these products, known as convergent mediation products, for service providers in the following markets: mobile (all networks including wireless fidelity [Wi-Fi]), prepaid, broadband, backbone, as well as intelligence by government agencies. These products are software-based and are powered by high-performance Intel® Pentium and Intel® Xeon processor-based servers since they collect and process billions of network events in real time each day. Narus exclusively uses Intel processor-based servers for the collection of data with Semantic Traffic Analyzers (STAs) in all carrier deployments, which include a number of Tier 1 carriers worldwide. This solution overview provides more detail on the joint Narus and Intel solution and also provides details on a world-record benchmark for mediation that Narus, Intel, and IBM recently completed.”

Narus proudly lets us know that:

Narus Intelligence is an integrated intelligence and surveillance solution for government agencies that monitors, targets, and intercepts information from large networks for national security purposes. It provides network-wide (enterprise, national, or global) visibility and provides a summary of all usage by all users and detailed reconstruction of all targeted users activities—at gigabit speeds in real time.

They even give us some test data that will give us an idea of just how many people they can spy on in a 24 hour period.

Data From the Narus Website

Performance tests measured the number of records per day, or per second, and the number of records per second, per processor. Every 30 seconds, a monitoring process recorded to a file the number of input events, input bytes, output events, and output bytes that were processed by the Narus, IBM, and Intel test system. The system mediated an average of 119,559 records per second over the test period (8:15pm to 4:04am). This translates into 10.3 billion over a 24 hour period (119,559 x 60 seconds x 60 minutes x 24 hours = 10.3 billion).

They also tell us that they have the only carrier-class IP traffic processing system that allows carriers to secure and manage IP services by providing deep-packet inspection from layer 2 to layer 7 and complete correlation across every link and element on the network — all at core carrier speeds.

What’s layer 7?

This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.

Or to put it another way, layer 7 is your e-mail, those pictures you downloaded, the files you transferred, and your voice over internet telephone calls.

Put this all together, and you have the NSA installing intercept equipment with the cooperation of some America’s largest corporations in domestic telephone exchange buildings. This equipment routes some of the light the from the fiber optic cables that carrys data for some the largest internet providers and runs that data through an analyzer that can read your e-mail, look at the files you exchange over the internet and listen to your phone calls.

It’s called domestic spying.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: