How difficult is it for the NSA to spy on your Internet use?
June 16, 2014 8:44 AM

On a bright April morning in Menlo Park, California, I became an Internet spy. This was easier than it sounds because I had a willing target. I had partnered with National Public Radio (NPR) tech correspondent Steve Henn for an experiment in Internet surveillance. For one week, while Henn researched a story, he allowed himself to be watched—acting as a stand-in, in effect, for everyone who uses Internet-connected devices. How much of our lives do we really reveal simply by going online? Ars tests Internet surveillance—by spying on an NPR reporter.
posted by Johnny Wallflower (15 comments total) 21 users marked this as a favorite
Came across this the other day. Not surprising to anyone who understands how the tech works, but it offers some good concrete illustrations for non-techies on just how insecure the internet really is.
posted by saulgoodman at 9:26 AM on June 16, 2014 [2 favorites]

I listened to parts of this on NPR this last week. I thought it was an excellent overview of the difficulty of keeping your life private on the Internet. The description was just the right balance between being technical and accessible at the same time. Yes, we all know that companies and the NSA can collect things from what we do on the web...but the report showed examples about what they can get, and how much we are just leaking all the time without any overt effort.

The piece also showed how the cross-application leaks allowed creating a pretty complete profile of who you are on the Internet. We really need SSL (Secure Socket Layer) connections for every application to every server they connect to all the time to prevent these kinds of leaks. (Of course, we also need a secure SSL, you heartbleed idiot programmers!)

NPR segments.
posted by Xoc at 10:52 AM on June 16, 2014 [1 favorite]

“Whoa,” Porcello said. “Yep, there’s Yahoo, NPR... there’s an HTTP request to Google... the phone is checking for an update. Wow, there’s a lot of stuff going on here. It's just thousands and thousands of pages of stuff... Are you sure you’re not opening any apps?”

“I didn’t do anything!” Henn replied. “My phone is just sitting here on my desk.”

He checked his phone and found that Mail, Notes, Safari, Maps, Calendar, Messages, Twitter, and Facebook were running in the background—and making connections to the Internet.
Yeah, a lot of us are just oblivious.

But, on the other hand, I worked for a big company where security was a big deal and when I had an ugly run-in with someone in the parking lot after I left work one day, we were not able to identify the individual -- never mind that we had them on tape leaving the building, I knew it was an employee, you could not get into this building without swiping an ID badge (or signing in through security if you had no badge), etc. It did not require a swipe of your ID badge to leave, there was no audio for the videotape, and there was no tape of anything that happened in the parking lot. My fantasies that this would be some Star Trek-style thing with the entire conversation on tape were far from reality.

I recall some conversation about a hypothetical scenario where what you bought at the grocery store would impact your health insurance rates in some dystopian future. People made the point that they bought their veggies at a farmer's market or had a garden out back, thus their grocery store bill did not accurately reflect what they really ate.

There will always be ways to get information on someone, more than most people would think. There will also always be ways in which that information falls short of what you might think it is. If someone is really out to get you and sufficiently dogged, they can find a way. I do understand why people worry but I am not sure it makes that much difference. If they lock you up and throw away the key, it kind of does not matter how they pulled that off. What matters is that you were deprived of your freedom.
posted by Michele in California at 11:57 AM on June 16, 2014

we also need a secure SSL

Yes, yes we do. And we don't have it, and it isn't close to being here.

you heartbleed idiot programmers!

You mean those people who were doing unpaid work in their free time? If we're doling out blame for the poor state of core libraries that are 'securing' us all, can we give some away to the large multibillion dollar corporations that use these libraries to protect their critical information, but aren't financially contributing to fund (or even audit) the same libraries?

posted by el io at 11:58 AM on June 16, 2014 [13 favorites]

From KokoRyu's link: "How an arrest in Iraq revealed Isis's $2bn jihadist network"

I'm pretty sure Pam snorted/ate most of that $2bn.
posted by nushustu at 11:59 AM on June 16, 2014 [4 favorites]

"Yet the bastards can't even predict an actual threat."

That entirely depends on the kind of threat you're talking about. They have, in fact, predicted and stopped threats before, especially overseas.... but the NSA has been fighting a running signals intelligence battle with AQ and its affiliates for over a decade... which absolutely includes the group you cited.

"Al Qaeda can hardly have failed to notice that U.S. intelligence intercepts helped thwart a significant number of its plots since 9/11. This was well documented long before Snowden's leaks. . . Some of these plots included the 2009 Najibullah Zazi plan to bomb New York subway system; a potential plot in Belgium in 2008; a plot by al Qaeda affiliated militants to bomb U.S. soldiers in Germany in 2007; and the 2006 plot to bomb nine airliners bound for North America simultaneously above the Atlantic. . .Al Qaeda and its affiliates responded to the string of plots thwarted by the NSA by being more careful in the way they communicated.

By 2008, al Qaeda had banned electronic communications inside the tribal areas of Pakistan, instead requiring messages be exchanged through couriers, according to the testimony of Western al Qaeda recruits. . . A group of German militants recruited into an al Qaeda plot to attack Europe in 2010 were provided hands-on instruction in encrypting their communications using a program called Mujahideen Secrets. . . The most prominent adopter of the Mujahideen Secrets software was Anwar al Awlaki. . . In 2009, Awlaki personally instructed at least one European militant in Yemen how to use the software . . . CNN has seen copies of the encrypted emails. . . By the following year al Awlaki had developed a sophisticated multi-layered method to encrypt communications with operatives overseas.

. . . (I)n early 2010 Karim, (a British terrorist operative) working in a British Airways call center in Newcastle, communicated in coded phrases from the UK with Awlaki in Yemen through deeply-encrypted word documents that were stealthily digitally compressed and then uploaded to pages of Web hosting sites with addresses only known to the parties in question. . . The messages appear not to have been intercepted by the NSA or any other Western intelligence agency. . . Even after finding the communications, it took British investigators significant time to decipher the communications, only succeeding after they found the cipher codes and passwords in a file on his computer."

So, on one hand, you have the NSA failing to detect threats right away, due to the nature of how these messages are transmitted. However, on the other, you have the NSA likely being significantly responsible for decoding information that led to the successful drone strike on al Awlaki, and the really major damage that the US and Yemen have done to Al Qaeda in the Arab Peninsula over the past few years.

The very fact that Al Qaeda operatives have increasingly been forced to rely on couriers and encrypted flash drives for secure communications is a bit of a victory for the NSA, in that it makes it easier to use traditional counterinsurgency tactics to intercept communications, map terrorist networks, and roll up cells of enemy operatives. It also denies ground to the enemy... and the internet is increasingly valuable ground for widespread communication and for recruiting operatives.
posted by markkraft at 3:04 PM on June 16, 2014 [3 favorites]

Also from KokoRyu's article:
"He said to us, 'you don't realise what you have done'," an intelligence official recalled. "Then he said: 'Mosul will be an inferno this week'."

Several hours later, the man he had served as a courier and been attempting to protect, Abdulrahman al-Bilawi, lay dead in his hideout near Mosul.


Officials, including CIA officers, were still decrypting and analysing the flash sticks when Abu Hajjar's prophecy was realised. Isis swept through much of northern and central Iraq over three stunning days, seizing control of Mosul and Tikrit and threatening Kirkuk as three divisions of the Iraqi army shed their uniforms and fled.
So much for the old Military saw about "cutting them off at the head"...
posted by oneswellfoop at 5:37 PM on June 16, 2014

You mean those people who were doing unpaid work in their free time? If we're doling out blame for the poor state of core libraries that are 'securing' us all, can we give some away to the large multibillion dollar corporations that use these libraries to protect their critical information, but aren't financially contributing to fund (or even audit) the same libraries?
that's beginning to change; hopefully it lasts
posted by p3on at 7:28 PM on June 16, 2014 [1 favorite]

Intercept: How Secret Partners Expand NSA’s Surveillance Dragnet

My read is that this new story doesn't really reveal anything that new/shocking besides the codename of a partnering program, RAMPART-A.
posted by Noisy Pink Bubbles at 3:44 AM on June 19, 2014

Next thread : Spiegel has opened fire on the NSA
posted by jeffburdges at 3:14 AM on June 20, 2014


This thread has been archived and is closed to new comments