Beware of NSA If You Are Privacy Conscious and Security Enthusiast Friday,

 

 

We all are aware of the National Security Agency’s (NSA) mass surveillance program to track non-Americans. Thanks to former NSA contractor Edward Snowden, who provided confidential documents about the widely spread surveillance programs conducted by the government intelligence agency such as NSA and GCHQ.

A recent story about NSA surveillance broke when a German public broadcaster ARD published that the Agency is using its surveillance program XKeyScore to target users who use encryption and traffic anonymizing software, including Tor Network for anonymous Web browsing and Linux-based Tails operating system in an effort to keep tracks of people outside the US.

XKeyScore is a powerful NSA surveillance program that collects and sorts intercepted data, which came to limelight in documents leaked by former NSA contractor Edward Snowden last summer, but the greater detail in an investigation conducted by American security expert and Tor Project member Jacob Appelbaum, Aaron Gibsom, and Leif Ryge shows that how the agency monitors people trying to protect their privacy online, may have not come from the documents Snowden provided to journalists.

Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. Whereas, Tails is a live media Linux distro designed boot into a highly secure desktop environment and is different because it is aimed at the privacy conscious “normal user” rather than government workers.

The documents for the NSA’s XKeyscore Internet surveillance system also indicate that the NSA was apparently capturing the traffic of anyone reading a wide range of articles on Linux Journal website and gathering up information of the visitors.

The documents provided by Snowden on X-Keyscore last year indicated that the surveillance program allowed NSA officials to obtain a person's phone number or email address, read the content of email, and track full Internet activity including browsing history without bothering the need of any warrant.

The analysis of the top-secret source code for X-Keyscore the NSA uses to conduct internet surveillance indicates that the program targeted at least two German Tor Directory Authority servers, one based in Berlin and the other in Nuremberg, as well as individuals using Tor.

It’s not just Tor and Tails the NSA is collecting data from. The report also reveals this code:

// START_DEFINITION
/*These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. */
$TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and word('linux' or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor ');
$TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
// END_DEFINITION

"Months of investigation by the German public television broadcasters NDR and WDR (ARD), drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems," reads the ARD report.

However, the source code also reveals that the NSA has targeted a German student who runs a Tor node, under the XKeyscore program. Still, it is unclear how ARD obtained the NSA source code, and the broadcaster made no mention in its report of Snowden, or the documents he leaked.

UPDATE

In response to ARD's allegations relating to the details uncovered in the Xkeyscore source code, the NSA provided the following statement:

“NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes - regardless of the technical means used by foreign intelligence targets. The communications of people who are not foreign intelligence targets are of no use to the agency.

In January, President Obama issued U.S. Presidential Policy Directive 28, which affirms that all persons - regardless of nationality - have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities.

The president's directive also makes clear that the United States does not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion.

XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system. Such tools have stringent oversight and compliance mechanisms built in at several levels. The use of XKeyscore allows the agency to help defend the nation and protect U.S. and allied troops abroad. All of NSA's operations are conducted in strict accordance with the rule of law, including the President's new directive.”