Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

US Taps Communications Links to Google, Yahoo Data Centers: Report

WASHINGTON – The US National Security Agency has tapped into key communications links from Yahoo and Google data centers around the world, the Washington Post reported Wednesday.

WASHINGTON – The US National Security Agency has tapped into key communications links from Yahoo and Google data centers around the world, the Washington Post reported Wednesday.

The Post, citing documents obtained from former NSA contractor Edward Snowden and interviews with officials, said the program can collect data at will from hundreds of millions of user accounts, including from Americans.

The report said the program dubbed MUSCULAR, operated jointly with NSA’s British counterpart GCHQ, indicated that the agencies can intercept data flows from the fiber-optic cables used by the US Internet giants. The Post report suggests this is a secret program that is unlike PRISM, which relies on court orders to obtain data from technology firms.

According to a top secret document cited by the newspaper dated January 9, 2013, some 181 million records were collected in the prior 30 days, ranging from metadata on emails to content such as text, audio and video.

The document shown by the Post indicates that the NSA intercept takes place outside the United States, and that an unnamed telecommunications provider allowed the secret access.

A graphic in the document suggested that the interception at Google came at a point between the public Internet and Google “cloud” servers. The hand-drawn graphic depicted an image of the two Google servers and a smiley face with a note saying, “SSL added and removed here.” SSL refers to secure sockets layer, a cryptographic protocol.

Acting outside US territory would give the NSA more latitude than within the United States, where it would require court orders, the Post noted.

Advertisement. Scroll to continue reading.

NSA chief General Keith Alexander, asked about the allegations during a Washington conference, said he was unaware of the report but argued that the allegations appeared to be inaccurate.

“That (activity) to my knowledge, this never happened,” he said at the conference sponsored by Bloomberg Television.

“In fact there was this allegation in June that the NSA was tapping into the servers of Yahoo or Google, that is factually incorrect.”

He added that NSA gains access to data “by court order” and that it would not be “breaking into any databases.”

Google chief legal officer David Drummond said the Internet giant was not involved in any such activity.

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” Drummond said in a statement.

“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

Yahoo said in a statement to AFP that “we have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”

The report comes amid a storm of protest about NSA surveillance both at home and overseas of phone and Internet communications.

On Tuesday, US officials said reports that American spy agencies snooped on millions of Europeans were false.

Alexander told lawmakers that in many cases European spy agencies had turned over phone call records and shared them with US intelligence.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

ICS/OT

Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Identity & Access

The National Security Agency (NSA) has published a series of recommendations on how to properly configure IP Security (IPsec) Virtual Private Networks (VPNs).