Up until 1998, the NSA had been a purely defensive intelligence agency tasked with cryptography (enemy code breaking), passive collection of SIGINT, intelligence production for other agencies, and defense of American and Five Eyes networks. Enter TAO (Tailored Access Operations), the NSA’s offensive ninja hackers. They’re underpaid, highly motivated, unquestionably gifted network/hardware/software engineers who are allegedly responsible for the first documented instance of an offensive digital weapon that could do real-world harm: Stuxnet, under Operation Olympic Games. They may also be the advanced persistent threat (APT) keyboard commandos Kaspersky referred to as the Equation Group. Their job is to attack the NSA’s enemies. In 2016 a group calling themselves the ShadowBrokers, suspected of being rival Russian nation-state hackers, tried to auction and then leaked stolen code and NSA tools containing zero-day exploits. The NSA seems to have implicated itself and confirmed the suspicion that it authored the stolen code and tools by notifying Microsoft of the security vulnerability exploited by the leaked ETERNALBLUE, which allowed Microsoft to prepare a patch. The problem is that once you build a weaponized exploit like ETERNALBLUE, it can and will be turned against you if you lose control of it. Check out the WannaCry and NotPetya ransomware attacks from 2017, whose warheads were built by the NSA. Remember, the NSA targets the entire world, so that digital warhead could have been used against you.
By 2007, Snowden worked for both the CIA and the NSA, as well as in network security consultancy positions for Dell or Booz Allen Hamilton, which worked directly for the CIA/NSA. Edward slowly became disillusioned with the job. He was shocked by his field operations for the CIA, and after learning of worldwide mass surveillance systems run by the NSA, like PRISM, and what distributed big-data systems like XKEYSCORE could do in malicious hands, he started making plans to leave the intelligence world behind. At great risk to himself, he wanted to let the public decide if we were okay with what the NSA was doing to us all and to have an open discussion. After a trip to Hong Kong in May 2013, and with the help of filmmaker Laura Poitras and journalist Glenn Greenwald, the Global Surveillance Disclosure of 2013 was kicked off by the Washington Post and The Guardian, which continue to come out with new stories from those leaks to this day, over 5 years later.
It has been five years since the Snowden leaks of 2013 and, surprise, surprise, ECHELON was confirmed in 2015 by the Snowden leaks as a component or pseudonym for the Five Eyes. This vindicated the decades-old claims of whistleblowers Captain Pyle, Seymour Hersh, Margaret Newsham, Perry Fellwock, and William Binney of illegal domestic mass surveillance of the American populace by the NSA since 1945.
The NSA has seen gradual increases in its budget (aside from the 2013 sequestration), in addition to a drastic relaxation of its data tasking collection limitations due to the events of September 11th, 2001. 9/11 was the beginning of the intelligence-industrial complex gold rush. Remember that FISA court established in 1978 that was intended to keep the intelligence agencies under control? Since 9/11 the court is alleged to have a de facto “rubber stamp” on warrant applications.
Other intelligence employees have circumvented the CIA/NSA’s security measures in recent history as well, such as ex-NSA and CIA employee and alleged Wikileaks Vault7 leaker Josh Schulte, or the theft of NSA hacking tools by ex-NSA software developer and TAO employee Nghia Hoang Pho. There’s quasi-hoarder/possible spy Harold T. Martin III, who simply walked out of his classified workplace with terabytes of classified CIA/NSA/NRO/DOD agency data unchallenged. Lastly, we also have ex-NSA translator Reality Winner, who, like Mr. Pho, pleaded guilty; both are now serving their 5-year federal sentences. The cracks in the palace are growing larger.
Remember that “pattern-of-life” concept and metadata I mentioned earlier? This pattern-of-life metadata is, in the opinion of the agency, crucial to their domestic and foreign operations for programs like XKEYSCORE or PRISM. These systems take globally sourced data and fuse it together into a profile or pattern-of-life based on “selectors”, which is intelligence jargon for search criteria. I imagine it to be like the world’s creepiest Google search.
In June 2015, two years after the Snowden leaks and after numerous reports of the FISA Court “rubber stamping” the surveillance applications, the NSA suffered a public, albeit temporary, setback when Section 215 of the Patriot Act was allowed to expire. This temporarily limited their lawful collection on Americans, but the government attempted to provide a compromise for Americans and the NSA through the “USA Freedom Act”. The act required reports to be created detailing the amount of domestic targeted surveillance using unique identifiers, but experts like ex-NSA employee and whistleblower William Binney and the Electronic Frontier Foundation consider it lip service.
In fact, the EFF confirmed in September 2018 that the NSA continues to have difficulty disclosing how many Americans they’re actively surveilling, conveniently experiencing ‘technical difficulties’ that are so severe that some of the brightest minds in computer science apparently can’t solve them. Their solution? Dispose of three years of “crucial national security” domestic surveillance data. It’s hard to prove you’re complying when you dispose of the evidence.
We now know a few things for sure about the NSA. They historically don’t ask for permission; they ask for forgiveness. They are mission focused to the point of contravening the US Constitution, even after being caught for illegal activity multiple times in the past. And how about the elephant in the room: the glaring conflict of interest in their mandate, which essentially calls for splitting the NSA into two separate and distinct entities? One would handle actual defense and trustworthy security, without intentionally weakened encryption schemes with backdoors offered as a standard by NIST (EC-DRBG, anyone?) and without security theatre. How can the NSA keep us all safe and secure when one part of the agency is tasked with defense, while the other part is tasked with destroying the other side’s defense?
So how does the NSA spy on us? There is no short answer. They’re everywhere and have been for a long time. The NSA is like a co-dependent set of abusive parents with a substantial history of crossing the line in terms of their duty of care. One of the parents happens to be a passive hoarder, while the other parent is the epitome of nosey and seeks to know everything but pathologically manages to violate privacy, legality, and morality under the banner of “Security”. This parent also knows how and where to hurt you if they need to. Once that happens you will feel bureaucratic wrath like no other. Do we really need parents like this watching over us?
WWII created a seed called SIGINT that was allowed to grow wild into a decentralized worldwide multi-spectrum, mass collection fruit that is more poisonous than Sleeping Beauty’s apple, but twice as appealing to Nation States.
This is part 4 of a series:
- How the NSA Spies on Us All – Part 1: The Early Years
- How the NSA Spies on Us All – Part 2: The 60’s and 70’s
- How the NSA Spies on Us All – Part 3: The 80’s & 90’s
- How the NSA Spies on Us All – Part 4: The 90’s – Present