According to slides leaked by the Washington Post, the NSA and GCHQ joint program, known as MUSCULAR, tapped into the internal networks of Yahoo! and Google, intercepting traffic between data centers. The slides indicated that information captured by the taps regularly reached the daily intelligence briefings the NSA provided to President Barack Obama.
MUSCULAR was apparently the 15th largest source of intelligence information for those briefings, so this is quite the blow by Google.
The NSA was revealed to have “intimate” knowledge of how these internal networks work which may have been obtained either through an employee of the companies or through extensive reverse engineering.
This slide shows the percentages of information that was captured from each Google service, ranging from YouTube pages to account security questions.
This access, combined with special data fingerprints the NSA called “defeats,” allowed for the agency to filter through massive amounts of data for relevant info. Think Facebook Graph Search: NSA Edition.
A set of NSA tools known as Serendipity enabled the NSA to track individual Google accounts as they accessed the following Google services:
Chrome synchronization, including bookmark sync to the cloud “Talkgadget,” the Google Talk component of Gmail The now-defunct iGoogle personalized pages Google searches Picasa photo sharing YouTube
On the Yahoo! side of this creepy surveillance coin, the NSA had access to entire user mailboxes, messenger protocol, and advertising tracker.
While Google’s corporate response has been more contained, Google security engineer, Brandon Downer, was very blunt.
Mike Hearn, another security engineer at Google echoed Downer’s statement:
Google has not revealed how it is encrypting its internal traffic, which is probably a smart move on their part. Yahoo! has not spoken on how, or if it plans to, deal with the intrusion but they hopefully will have a similar plan.
In the mean time, I wonder if the NSA has its fingers in gaming services like Steam, and Origin?