
K. K. Wagh Polytechnic, Nashik.

Hirabai Haridas Vidyanagari, Amrutdham, Panchavati, Nashik-422003


Department of Computer Technology
Micro-Project Report
Institute Code: 0078
Academic Year: 2021-22
Program: Computer Technology
Course: Emerging Trends in Computer & IT
Course Code: 22618
Scheme: I
Semester: 6
Class: TYCM – I
Date of Report: 13/05/2022

Title of Micro-Project: Case study on data leakage from NSA (National Security Agency)

1.0 Problem Definition:


Write a brief report on data leakage of classified information from NSA (National Security
Agency).
- Write how the security of the National Security Agency works.
- Study how the classified information was leaked by an intelligence consultant.
- Study how the situation affected the National Security Agency.

2.0 Rationale:

Advancements and applications of Computer Engineering and Information Technology are ever
changing. Emerging trends aim at creating awareness about major trends that will define technological
disruption in the upcoming years in the field of Computer Engineering and Information Technology.

As technology advances, technical threats also enter human life and pose a danger to society.
To make people aware of one of these issues, our group decided to create a case study on the
PRISM attack by Edward Snowden, which has caused major financial and data losses.

3.0 Aim /Benefits of Micro-Project:


Our project aims:
I. To create awareness about PRISM attack among people.
II. To prepare an in-depth case study on PRISM attack by Edward Snowden covering all
aspects of the attack.
III. To help minimize future losses caused by PRISM attack by providing preventive measures.
IV. To study the importance of security.

4.0 Course Outcomes Achieved (COs):
CO604.4: Describe evidence handling procedure
CO604.3: Describe ethical hacking process
CO604.5: Detects Network, Operating System and applications vulnerability

5.0 Literature Review:

Edward Joseph Snowden (born June 21, 1983) is an American former computer intelligence
consultant who leaked highly classified information from the National Security Agency (NSA) in 2013,
when he was an employee and subcontractor. His disclosures revealed numerous global
surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the
cooperation of telecommunication companies and European governments, and prompted a cultural
discussion about national security and individual privacy.

Snowden fabricated digital keys

In testimony to the House Permanent Select Committee on Intelligence, General Alexander explained
that Snowden “fabricated digital keys” to enable his attack.

Here is what we know about Snowden’s work environment and the tools he had at his disposal:
i. Valid Access
ii. SSH Keys
iii. Limited Computing Resources

6.0 Actual Methodology followed:

1. Prepared and finalized the Project Title.
2. Prepared and submitted Micro-Project Proposal.
3. Gathered and studied information about the PRISM attack on the NSA.
4. Gathered and studied information about vulnerabilities exploited by the PRISM attack on the NSA.
5. Gathered and studied information about systems affected by the PRISM attack by Edward Snowden.
6. Gathered and studied information about financial and data losses caused by the PRISM attack by
Edward Snowden.
7. Analyzed and summarized the available information and prepared a report on the PRISM attack by
Edward Snowden.
8. Showcased the project report to the guide and took feedback.
9. Improved the project report as per the guide’s suggestions and submitted the Micro-Project Report
along with Viva.

7.0 Actual Resources used:
| S. No. | Name of Resource/material | Specifications | Qty | Remarks |
|---|---|---|---|---|
| 1 | Laptop | 11th Gen Intel(R) Core(TM) i7, RAM: 16GB, SSD: 512GB | 01 | Laptop |
| 2 | Operating System | Windows 10 x64 bit | 01 | To work on laptop |
| 3 | Software | Google's Chrome browser | -- | To search and write information |
| 4 | Printer | Epson L550 | 01 | To print documents |
| 5 | Reference Website | https://www.theguardian.com, https://www.theverge.com/, https://en.wikipedia.org/ | -- | For reference |

8.0 Outputs of the Micro-Project:

Introduction:

Edward Snowden is the name of a 29-year-old technical assistant for the Central Intelligence
Agency who disclosed the largest surveillance program implemented by the US known as the PRISM
program. For better or for worse, his name is destined to enter into history. The Guardian identified
Edward Snowden as a technical assistant who worked for US Intelligence at the National Security
Agency for the last four years for various defense contractors. Currently he is an employee of
security defense contractors Booz Allen Hamilton.
Snowden decided to reveal his identity because like other whistleblowers, such as Bradley
Manning, the US Army soldier who was arrested in May 2010 in Iraq on suspicion of having passed
classified material to the website WikiLeaks, he decided to make public an uncomfortable truth.
Edward Snowden feared that the government would persecute him for disclosing Top Secret
documentation on the extensive massive surveillance program PRISM. While I’m writing this, he is
in a hotel in Hong Kong, where he flew after the publication of the presentation he prepared during
his work in the NSA Office in Hawaii, around three weeks ago. Snowden decided to publish the
history and proof of a program that every US citizen imagined but that authorities and private
companies always denied. He left the US citing health reasons and flew to Hong Kong, the Chinese
territory known also for its “strong tradition of free speech.”
According to the interview released to The Guardian, Edward Snowden is concerned, as he
knows very well the power of intelligence agencies and the ramifications of his actions. He has thus
barricaded himself in a hotel.
Fig.1: Edward Snowden

What is PRISM?

Classified presentation slides detailing aspects of PRISM were leaked by a former NSA
contractor. On June 6th, The Guardian and The Washington Post published reports based on the leaked
slides, which state that the NSA has "direct access" to the servers of Google, Facebook, and others. In
the days since the leak, the implicated companies have vehemently denied knowledge of and
participation in PRISM, and have rejected allegations that the US government is able to directly tap into
their users' data.

Both the companies and the government insist that data is only collected with court approval and
for specific targets. As The Washington Post reported, PRISM is said to merely be a streamlined system
— varying between companies — that allows them to expedite court-approved data collection requests.
Because there are few technical details about how PRISM operates, and because of the fact that the
FISA court operates in secret, critics are concerned about the extent of the program and whether it
violates the constitutional rights of US citizens.
Fig.2.1: PRISM

How was PRISM Created?

As The Washington Post reported, The Protect America Act of 2007 led to the creation of a
secret NSA program called US-984XN — also known as PRISM. The program is said to be a
streamlined version of the same surveillance practices that the US was conducting in the years following
9/11, under President George W. Bush’s "Terrorist Surveillance Program."

The Protect America Act allows the attorney general and the director of national intelligence to
explain in a classified document how the US will collect intelligence on foreigners overseas each year,
but does not require specific targets or places to be named. As the Post reports, once the plan is
approved by a federal judge in a secret order, the NSA can require companies like Google and Facebook
to send data to the government, as long as the requests meet the classified plan's criteria.

Fig.2.2: Creation of PRISM.

What does the NSA Collect?

While PRISM has been the most talked-about story to come out of Snowden’s leaks, the
disclosures have shed light on a vast array of NSA surveillance programs. Broadly speaking, these can
be split into two categories: "upstream" wiretaps, which pull data directly from undersea
telecommunications cables, and efforts like PRISM, which acquire communications from US service
providers. One of the slides in the leaked PRISM presentation instructs that analysts "should use both"
of these sources.

NSA programs collect two kinds of data: metadata and content. Metadata is the sensitive
byproduct of communications, such as phone records that reveal the participants, times, and durations of
calls; the communications collected by PRISM include the contents of emails, chats, VoIP calls, cloud-
stored files, and more. US officials have tried to allay fears about the NSA’s indiscriminate metadata
collection by pointing out that it doesn’t reveal the contents of conversations. But metadata can be just
as revealing as content — internet metadata includes information such as email logs, geolocation data
(IP addresses), and web search histories. Because of a decades-old law, metadata is also far less well-
protected than content in the US.

How does the NSA collect the Data?

Many crucial details on how and under what circumstances the NSA collects data are still
missing. Legally speaking, surveillance programs rely on two key statutes, Section 702 of the FISA
Amendments Act (FAA) and Section 215 of the Patriot Act. The former authorizes the collection of
communications content under PRISM and other programs, while the latter authorizes the collection of
metadata from phone companies such as Verizon and AT&T. However, multiple reports and leaked
documents indicate the statutes have been interpreted in secret by the FISA intelligence courts to grant
much broader authority than they were originally written to allow. They also indicate that the FISA
courts only approve the NSA’s collection procedures, and individual warrants for specific targets are not
required.
An analyst starts by inputting "selectors" (search terms) into a system like PRISM, which then
"tasks" information from other collection sites, known as SIGADs (Signals Intelligence Activity
Designators). SIGADs have both classified and unclassified code names, and are tasked for different
types of data — one called NUCLEON gathers the contents of phone conversations, while others like
MARINA store internet metadata.

Leaked documents show that under the agency’s targeting and "minimization" rules, NSA analysts
cannot specifically target someone "reasonably believed" to be a US person communicating on US soil.
According to The Washington Post, an analyst must have at least "51 percent" certainty their target is
foreign. But even then, the NSA’s "contact chaining" practices — whereby an analyst collects records
on a target’s contacts, and their contacts’ contacts — can easily cause innocent parties to be caught up in
the process.
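
The following Python sketch is an added example, not part of the original report. It illustrates the two points above: message headers stay readable when the body is encrypted, and a two-hop contact chain reaches people who never wrote to the starting address. The mail samples, the example.org addresses and all function names are constructed for illustration.

```python
from collections import defaultdict, deque
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime


def _mail(sender, to, date, cc=None):
    """Build one constructed RFC 5322 message whose body is PGP-armoured."""
    headers = [f"From: {sender}", f"To: {to}"]
    if cc:
        headers.append(f"Cc: {cc}")
    headers += [f"Date: {date}", "Subject: (encrypted)"]
    body = ("-----BEGIN PGP MESSAGE-----\n(constructed placeholder)\n"
            "-----END PGP MESSAGE-----\n")
    return "\n".join(headers) + "\n\n" + body


# Constructed sample traffic: only the headers are readable on the wire.
RAW_MESSAGES = [
    _mail("alice@example.org", "bob@example.org",
          "Mon, 03 Jun 2013 09:15:00 +0000"),
    _mail("bob@example.org", "carol@example.org",
          "Tue, 04 Jun 2013 18:02:00 +0000", cc="dave@example.org"),
    _mail("carol@example.org", "erin@example.org",
          "Wed, 05 Jun 2013 07:40:00 +0000"),
    _mail("frank@example.org", "grace@example.org",
          "Wed, 05 Jun 2013 11:00:00 +0000"),
]


def extract_metadata(raw):
    """Return what an observer learns from one message without decrypting it."""
    msg = message_from_string(raw)
    sender = getaddresses([msg.get("From", "")])[0][1].lower()
    rcpt_headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(rcpt_headers)]
    return {
        "from": sender,
        "to": recipients,
        "when": parsedate_to_datetime(msg["Date"]),
        "body_is_ciphertext": "BEGIN PGP MESSAGE" in msg.get_payload(),
    }


def build_contact_graph(records):
    """Undirected who-wrote-to-whom graph built from header metadata only."""
    graph = defaultdict(set)
    for rec in records:
        for rcpt in rec["to"]:
            graph[rec["from"]].add(rcpt)
            graph[rcpt].add(rec["from"])
    return graph


def contact_chain(graph, seed, hops):
    """Breadth-first walk; maps each reached address to its hop distance."""
    distance = {seed: 0}
    queue = deque([seed])
    while queue:
        current = queue.popleft()
        if distance[current] == hops:
            continue  # do not expand beyond the requested number of hops
        for neighbour in graph.get(current, ()):
            if neighbour not in distance:
                distance[neighbour] = distance[current] + 1
                queue.append(neighbour)
    return distance


def swept_in(seed, hops):
    """Addresses other than the seed that fall inside the chain."""
    records = [extract_metadata(raw) for raw in RAW_MESSAGES]
    chain = contact_chain(build_contact_graph(records), seed, hops)
    return sorted(addr for addr, dist in chain.items() if dist > 0)


if __name__ == "__main__":
    for raw in RAW_MESSAGES:
        print(extract_metadata(raw))
    print("1 hop :", swept_in("alice@example.org", 1))
    print("2 hops:", swept_in("alice@example.org", 2))
```

In the sample, carol and dave never exchanged mail with alice, yet both fall inside the two-hop chain, and every body was ciphertext throughout.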

The companies at the heart of PRISM’s controversy are also acting out, but the specific details
regarding their involvement in government surveillance on US citizens are still unclear. Microsoft,
Google, Yahoo, and others have stepped up pressure on the government in the past month to declassify
the process which compels them to hand over user data to the government. In an impassioned plea made
by Microsoft on July 16th, the company’s general counsel Brad Smith said: "We believe the US
constitution guarantees our freedom to share more information with the public, yet the government is
stopping us."
Fig.3: Methods of Data Collection by NSA.

Methods of Data Collection used by PRISM?


Commentators generally agree the NSA’s PRISM technology is based on optical fibre
“wiretaps” placed at the connection of internet providers to companies like Google, Yahoo and
Facebook in the US. (Tapping the signal here gives the companies plausible deniability, as the tap
occurs outside their premises - or maybe they just don’t know, as they
A copy of the optical signal is split off and routed to a room operated by the NSA, where it is
indexed, categorised and shipped back to the NSA for analysis later. Most of the traffic on the optical
fibre is transmitted using plain text protocols – packets which contain a plain text header (to and from
address) and a payload (the message).

If the payload is encrypted, the NSA still have a good chance of decrypting it. The NSA spent
US$2 billion on a massive data centre in Utah, which is set to open later this year, and have
recently commissioned a second in Maryland. These could house enough computers to store the NSA’s
collection of intercepted traffic for years to come. Future developments in decryption could allow the
NSA to decrypt the messages they are intercepting today.

Under the Patriot Act, which was signed into law in 2001 in response to the 9/11 terrorist attacks,
US agencies have the authority to compel companies like Google, Yahoo and Apple to provide their
private cryptographic keys to the NSA, allowing the NSA to decrypt secure traffic going through those
companies. Under the same act it is an offense to tell anyone it has happened. Even without the keys,
some “secure” web traffic can be decrypted using brute force methods.
Fig.4: PRISM Tasking Process.

Fig.4.2: PRISM Collection Dataflow.

Extent of the PRISM Program?


Internal NSA presentation slides included in the various media disclosures show that the NSA
could unilaterally access data and perform "extensive, in-depth surveillance on live communications and
stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP
chats (such as Skype), file transfers, and social networking details.[2] Snowden summarized that "in
general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query
raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."
According to The Washington Post, the intelligence analysts search PRISM data using terms
intended to identify suspicious communications of targets whom the analysts suspect with at least 51
percent confidence to not be U.S. citizens, but in the process, communication data of some U.S. citizens
are also collected unintentionally. Training materials for analysts tell them that while they should
periodically report such accidental collection of non-foreign U.S. data, "it's nothing to worry about."
According to The Guardian, NSA had access to chats and emails on Hotmail.com and Skype
because Microsoft had "developed a surveillance capability to deal" with the interception of chats, and
"for Prism collection against Microsoft email services will be unaffected because Prism collects this data
prior to encryption."
Also according to The Guardian's Glenn Greenwald even low-level NSA analysts are allowed to
search and listen to the communications of Americans and other people without court approval and
supervision. Greenwald said low level Analysts can, via systems like PRISM, "listen to whatever emails
they want, whatever telephone calls, browsing histories, Microsoft Word documents. And it's all done
with no need to go to a court, with no need to even get supervisor approval on the part of the analyst."
He added that the NSA databank, with its years of collected communications, allows analysts to
search that database and listen "to the calls or read the emails of everything that the NSA has stored, or
look at the browsing histories or Google search terms that you've entered, and it also alerts them to any
further activity that people connected to that email address or that IP address do in the future."
Greenwald was referring in the context of the foregoing quotes to the NSA program X-Keyscore.

Fig.5: Extent of the Program all over the World.

How did the PRISM attack happen?


Millions of Americans struggling to get health insurance through Obamacare’s new health
exchanges are entering some of their most intimate details into computer systems. The technology they
rely on to keep that information secure — along with their emails, online shopping, banking and more
— is encryption. But your data may not be as secure as you might hope. Encrypting a message involves
scrambling it through a combination of a randomly-generated key and mathematical jumbling. The NSA
and its UK counterpart GCHQ regard this as the biggest threat to their ability to view the vast quantities
of communications data they collect.
Internet companies have given assurances to their users about the security of communications.
But the Snowden documents reveal that US and British intelligence agencies have successfully broken
or circumvented much of online encryption. Much of this, the documents reveal, was not done through
traditional code-cracking, but instead by making deals with the industry to introduce weaknesses or
backdoors into commercial encryption – and even working to covertly undermine the international
standards on which encryption relies.
Computer security experts say that by doing this in their quest to access ever more data, the
intelligence agencies have compromised the computers of hundreds of millions of ordinary internet
users, and undermined one of their other key priorities – protecting the US and UK from cyberattacks.
So is all encryption broken? Snowden, in a question-and-answer session on the Guardian website
in June, said that much of the encryption is weak, so the NSA can frequently find ways round it, but
there are strong crypto systems that can still be relied on. Given that Snowden was inside the system
until May, he should know. Snowden endorses a combination of Tor and PGP. Tor is a network that
helps protect privacy and your physical location by providing anonymity, with volunteers bouncing
communications round a network. PGP (Pretty Good Privacy) software can be used to encrypt data.
Levison, the founder of secure email provider Lavabit, is facing a court case because he closed
his company rather than hand over encryption keys.
Fig.6: Conduction of PRISM attack.

How the evidence was handled by the court and what actions were taken against Edward Snowden:

The Snowden disclosures have led many on Capitol Hill and beyond to conclude that the
political and legal mechanisms necessary to hold the NSA accountable in functioning democracy are no
longer fit for purpose.
The Foreign Intelligence Surveillance Act of 1978 (Fisa) was intended to curtail the NSA’s
ability to use its capabilities against Americans. It was passed as part of a backlash against one of the
biggest controversies of that era: the unlawful surveillance by the intelligence agencies of US political
activists, trade union leaders and civil rights leaders.
Fisa codified in law for the first time that the NSA was about foreign intelligence. If there was a
suspicion about a spy or some agent of a foreign power operating in the US, the NSA and the FBI could
apply for a warrant in a new surveillance court, the Fisa court.
But since then, according to Wyden, the way the intelligence agencies apply the laws in practice has
become shrouded in secrecy. The 2008 Fisa Amendments Act, renewed in 2012, allows for the
collection of communications without a warrant, where at least one end of the communications is a non-
US person.
The NSA's legal basis — disputed — for bulk collection of Americans' phone data comes under a
different law, section 215 of the 2001 Patriot Act. The Bush administration, in secret after 9/11, turned
loose the NSA to collect bulk email records domestically. The NSA interpreted section 215 of the
Patriot Act as allowing them to collect phone metadata in the US. The NSA asserts that a number of
laws and legal precedents justify its surveillance programs. What legal authorities does the NSA rely on
to justify the collection of:
The Fisa court and its proceedings are secret, or at least they were until the Snowden revelations.
Given this, it is nearly impossible to challenge its interpretation of the law. The government is the only
petitioner before the court, with no advocates for privacy interests. The NSA argues that since it is
engaged in covert operations, it is hardly surprising that the court proceedings are secret. In January
2009, the FISA court was notified that the NSA had been querying business records metadata “in a
manner that appear[ed] to the Court to be directly contrary” to the court's order allowing it to do so. In
response, the FISA court ordered the government to explain itself. These documents detail this exchange
as the NSA struggled to understand the business records program and ensure compliance.

What is the Fisa Court?


The United States Foreign Intelligence Surveillance Court (FISC, also called the FISA
Court) is a U.S. federal court established under the Foreign Intelligence Surveillance Act of 1978
(FISA) to oversee requests for surveillance warrants against foreign spies inside the United
States by federal law enforcement and intelligence agencies. Such requests are made most often by
the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). Congress created
FISA and its court as a result of the recommendations by the U.S. Senate's Church Committee.
From its opening in 1978 until 2009, the court was housed on the sixth floor of the Robert F.
Kennedy Department of Justice Building. Since 2009, the court has been relocated to the E. Barrett
Prettyman United States Courthouse in Washington, D.C. In 2013, a top-secret order issued by the court,
which was later leaked to the media from documents culled by Edward Snowden, required a subsidiary
of Verizon to provide a daily, on-going feed of all call detail records – including those for domestic calls
– to the NSA.

Fig.7: Fisa Court.

Charges against Edward Snowden:

Federal prosecutors secretly charged former National Security Agency contractor Edward
Snowden last week with three felonies in connection with recent leaks of classified information about
secret U.S. surveillance programs, according to a court complaint unsealed Friday.
Snowden was charged with conveying classified information to an unauthorized party, disclosing
communications intelligence information, and theft of government property. The charges, which can
carry a penalty of up to ten years in prison on each count, were filed in federal court in Alexandria, Va.,
last Friday.

The Justice Department is believed to be seeking Snowden’s extradition from Hong Kong,
although his precise whereabouts at the moment are not publicly known.

Fig.8: Charges against Edward Snowden.

Nine ways for Organizations to avoid PRISM attacks:

1) Encrypt your internet traffic

In the URL field of the browser, type in “https://” before the domain name. Your browser will download
a certificate from the website and use it to exchange a shared encryption key. From then on, all your
traffic is encrypted. If you don’t see “https” in the URL field, it’s not encrypted.

2) Check the encryption used by the websites you visit

Not all websites use good keys or encryption algorithms. At ssllabs.com you can test the sites you visit
and (politely) ask them to improve their security.

3) Disable internet use tracking

There are two possible approaches to preventing website tracking: black listing and white listing. Black
list programs use lists of known spyware sites and block those activities. PeerBlock is one such program.
NoScript is a white list system, and turns off JavaScript (a programming language which runs in your
browser) when you visit a site unless the site is on the list. Most tracking uses JavaScript, so turning it
off makes it harder (but not impossible) for the spies to track you.

4) Encrypt your files

If you upload files to the internet, you might want to control who reads them. An easy solution is to
password protect them. Microsoft Office products provide the option of setting a password, but this is
not particularly strong. Another approach is to put the file in a zip, rar or 7z container and set the
password. The best approach is to use a serious encryption system which really scrambles the file
contents with a really big key and a strong algorithm, such as TrueCrypt.

5) Trust no-one

Do you use Dropbox? iCloud? Other cloud services? Do you have a password? If you do, so do they. If
you forget your password, can they tell you what it is? Some cloud services offer accelerated uploads
and syncing. They can do this because they know what you’ve uploaded, and it also means they have the
key and can provide it to the NSA. The only way to be sure is to encrypt your files before they leave
your computer. Don’t use the provider’s encryption software. Use open source software, so any hidden
back doors will be discovered. AxCrypt is a nice example.

6) Tunnel your traffic

Every message (or web request) you send on the internet has headers – with your address, the
destination address, the date and time. Spooks can use this meta-data to link you to your friends and
their friends.

Anonymising services and products attempt to obscure your web behaviour by mixing your traffic with
other people’s traffic and by “tunnelling” (encrypting) your traffic between locations. You install a
proxy server or a virtual private network (VPN) client, which encrypts your traffic and sends it to
another location, where it is decrypted.

The NSA can read the traffic once it leaves the tunnel, but can’t separate your traffic from the traffic of
other users of the system. The more users there are, the more anonymous your traffic becomes.

7) Secure your kit

To be sure your PC is free of all unwanted software, you can use a read-only operating system. There
are many bootable Linux distributions which detect your hardware at boot time and contain a suite of
pre-installed programs such as web browsers and VPN clients. Puppy Linux (really fast) and Privatix
(really secure) are good examples. They reveal nothing about your computer and cannot be infected
because they don’t write to the hard disk. These are ideal if you’re really paranoid.

8) Safe text

Texting with a phone is not secure. Skype chat is monitored by Microsoft. Email normally uses
unencrypted protocols, and is not secure. Even sending emails through websites (with “https”) is no
guarantee of security because most mail servers communicate with each other using plain text protocols
containing the message, sender and recipient. It is possible to install Pretty Good Privacy (PGP) – an
“uncrackable” email encryption scheme - but the process is difficult at best.

However, there are some solutions. Gateway devices can implement PGP at the edge of your network,
allowing you to exchange encrypted email with minimal configuration. Phone apps such as Silent
Circle and iChat can be used to encrypt text messages. CryptoCat does a similar thing through the web.

9) Anonymous searches

We all know Google caches our search terms and profiles us based on what we look up - it’s how they
generate revenue. But there are other search engines which are less interested in what we are doing.
Duckduckgo and Startpage are examples of alternatives. Another option is to use a different Google
(such as google.de or google.ca), or use Tor.
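
For tips 1 and 2 above, the following Python sketch is an added example, not part of the original report. It builds a client that refuses anything older than TLS 1.2 and lists weaknesses in what a connection negotiated. The function names and the rules in `assess` are assumptions chosen for illustration; the forward-secrecy rule relates to the earlier point that traffic stored today can be decrypted once a server's private key is handed over.

```python
import socket
import ssl

# Substrings of OpenSSL cipher-suite names treated as weak (illustrative policy).
WEAK_MARKERS = ("RC4", "DES-CBC", "NULL", "EXP", "MD5", "ADH", "AECDH")


def hardened_context():
    """Client context: certificate and hostname checks on, TLS 1.2 minimum."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def assess(version, cipher_name, secret_bits):
    """Return a list of findings for one negotiated connection.

    version     -- value of SSLSocket.version(), e.g. "TLSv1.3"
    cipher_name -- first field of SSLSocket.cipher()
    secret_bits -- third field of SSLSocket.cipher()
    """
    findings = []
    name = cipher_name.upper()
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"outdated protocol {version}")
    if any(marker in name for marker in WEAK_MARKERS):
        findings.append(f"weak cipher suite {cipher_name}")
    if secret_bits < 128:
        findings.append(f"only {secret_bits}-bit keys")
    # TLS 1.3 always uses ephemeral key exchange; in TLS 1.2 the suite name
    # must start with ECDHE- or DHE- for the session keys to be ephemeral.
    forward_secret = version == "TLSv1.3" or name.startswith(("ECDHE-", "DHE-"))
    if not forward_secret:
        findings.append("no forward secrecy: recorded traffic becomes readable "
                        "if the server's private key is later disclosed")
    return findings


def check_site(host, port=443, timeout=5.0):
    """Connect with the hardened context and assess what was negotiated."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = hardened_context()
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, _protocol, bits = tls.cipher()
                return assess(tls.version(), name, bits)
    except ssl.SSLError as exc:
        # Bad certificate, or the server only offers protocols we refuse.
        return [f"handshake refused by hardened client: {exc.reason or exc}"]


if __name__ == "__main__":
    import sys
    for site in sys.argv[1:]:
        print(site, check_site(site) or "no findings")
```

An empty list means none of these rules fired; it does not replace the fuller server test at ssllabs.com mentioned in tip 2.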

9.0 Skill Developed / Learning outcome of this Micro-Project:


Technical skills:
1. Gained knowledge about ethical hacking.
2. Understood the concept of Firewall.
3. Got to know about cyber security.
4. Understood the Fundamentals of Computer Networking.
5. Documentation.

Soft Skills:
1. Leadership (How to lead a team to get best outcomes)
2. Improvement in presentation skills
3. Teamwork
4. Information Searching
5. Reading and understanding the IEEE Papers related to the topic

10.0 Applications of Micro Project:


1. Beneficial to various Organizations in order to understand the working of PRISM, how to prevent
attacks and what precautions should be taken, etc.
2. Useful for Students to study thoroughly about the PRISM attack
3. Advantageous for all Organizations as they will get to know the working and preventive measures to
protect their important data.

11.0 Name of Group Members:


Enrolment  Roll No. Seat No. Name of Students Student Signature

1900780322 16 Dhondage Tushar Tanaji


1900780323 17 Dolare Akhilesh Milind
1900780324 18 Gaikwad Amit Vilas

Date: 13 / 05 /2022 Evaluated by: Dated Signature of Guide: __________________


Name of Guide: Mr. H M Gaikwad
