Uh Oh, Spying on Your Internet Is Real Easy

As Brian Feldman explains, feds take advantage of cookies, cables and under-used encryption

Uh Oh, Spying on Your Internet Is Real Easy Uh Oh, Spying on Your Internet Is Real Easy

Uncategorized July 28, 2013 0

Servers. Wikimedia Commons photo Uh Oh, Spying on Your Internet Is Real Easy As Brian Feldman explains, feds take advantage of cookies, cables and... Uh Oh, Spying on Your Internet Is Real Easy
Servers. Wikimedia Commons photo

Uh Oh, Spying on Your Internet Is Real Easy

As Brian Feldman explains, feds take advantage of cookies, cables and under-used encryption

Talk of the National Security Agency’s domestic surveillance has focused on policies rather than hardware or software — and for good reason. Sussing out the technical details of the NSA’s “Internet vacuum,” codenamed PRISM, is no easy task.

“I’m not sure that anyone would know much about the actual hardware and software that are used by PRISM — or that they could talk about it if they did,” Jim Waldo, a Harvard computer science professor, tells War is Boring. (The author took one of Waldo’s courses.)

There have been glimpses inside the surveillance machine. A recent BuzzFeed report outlined what it was like to have the federal government install monitoring hardware at an Internet Service Provider. In 2006 an AT&T employee blew the whistle on a secret room filled with NSA surveillance gear. Our own cursory investigation led us to one chilling conclusion.

Surveilling the Internet really ain’t hard at all.

Granted, the Internet is an inherently stateless system with no foundational way of remembering a specific user. Such identifying information is usually stored locally on your computer as cookies.

These cookies are key.

When you post a status update to Facebook, you not only send the text to be posted, you also transmit cookies that confirm who you are. This is why, when you clear your cookies, you have to log in to Websites again. With online services, every action requires the user to reintroduce themselves to Google or Facebook or whatever.

At every click of a mouse, a lot of authenticating data is being sent out over the network. And don’t think for an instant that all this data is secure. High-end consumer-level security measures can be pretty good but are rarely deployed. If the best encryption were in wide use, the data would be pretty secure. But it’s not — and the government possesses plenty of processing power for breaking low-level codes.

The physical network carrying Internet traffic is gigantic, offering countless opportunities for physical tapping. That’s another key to easy surveillance.

The hundreds of undersea cables that form the backbone of the Internet run across the globe. Many of these cables rise right out of the water onto the beach, as was noted in a primer on the Internet’s physical presence last year by Gizmodo. The U.S. government requires licenses for such cables, so their existence is public record. Here’s a purported list of every Internet cable in the world.

The monitoring hardware that the NSA uses probably isn’t specialized, either. Some technology developers have even used the national dialogue on surveillance as a method of self-promotion.

Designing software to monitor Web traffic wouldn’t be terribly difficult for any adept sysadmin — and could even be acquired off the shelf. “Depending on how secure and how fast you wanted things, you could build this with commercial storage — the sort of thing that is offered by NetApp or EMC — using commercial software [such as] Oracle with clusters of servers,” Waldo explains. The NSA is also known to use Hadoop open-source software in its data analysis.

Utah Data Center. Wikimedia Commons photo

Easy though it might be to build, comprehensive Internet monitoring would generate a lot of data. But that’s less a problem for the government than you might think.

“This is really not a technical challenge,” Waldo says. “Compared to the amount of data that is being generated by the Large Hadron Collider or most telescopes, the phone records of everyone in the world are pretty manageable from a pure data point of view.”

Especially with the new Utah Data Center coming online this fall. The secretive, $1.2-billion digital storage facility sprawls over 200 acres near the town of Bluffdale, Utah, and could hold up to 12 exabytes of information initially, with plenty of room for expansion.

In short, the NSA’s eavesdroppers are probably working with widely available tools, albeit on a large scale. Tons of cookies, neglect of encryption, exposed cables and readily-available software and hardware equal easy government spying on your Internet activity.

  • 100% ad free experience
  • Get our best stories sent to your inbox every day
  • Membership to private Facebook group
Show your support for continued hard hitting content.
Only $19.99 per year and for a limited time, new subscribers receive a FREE War Is Boring T-Shirt!
Become a War is Boring subscriber