Professional Documents
Culture Documents
Title of Micro-Project: Case study on data leakage from NSA (National Security Agency)
2.0 Rationale:
Advancements and applications of Computer Engineering and Information Technology are ever
changing. Emerging trends aim at creating awareness about major trends that will define technological
disruption in the upcoming years in the field of Computer Engineering and Information Technology.
As there is innovation in technology technical threats are also getting involved in human life
which is a threat to human society. To make people aware of one of these issues, our group decided to
create a case study on PRISM attack by Edward Snowden, which has caused major financial and data
losses.
Edward Joseph Snowden (born June 21, 1983) is an American former computer intelligence
consultant who leaked highly classified information from the National Security Agency (NSA) in 2013,
when he was an employee and subcontractor. His disclosures revealed numerous global
surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the
cooperation of telecommunication companies and European governments, and prompted a cultural
discussion about national security and individual privacy.
Here is what we know about Snowden’s work environment and the tools he had at his disposal:
i. Valid Access
ii. SSH Keys
iii. Limited Computing Resources
Introduction:
Edward Snowden is the name of a 29-year-old technical assistant for the Central Intelligence
Agency who disclosed the largest surveillance program implemented by the US known as the PRISM
program. For better or for worse, his name is destined to enter into history. The Guardian identified
Edward Snowden as a technical assistant who worked for US Intelligence at the National Security
Agency for the last four years for various defense contractors. Currently he is an employee of
security defense contractors Booz Allen Hamilton.
Snowden decided to reveal his identity because like other whistleblowers, such as Bradley
Manning, the US Army soldier who was arrested in May 2010 in Iraq on suspicion of having passed
classified material to the website WikiLeaks, he decided to make public an uncomfortable truth.
Edward Snowden feared that the government will persecute him for disclosing Top Secret
documentation on the extensive massive surveillance program PRISM. While I’m writing this, he is
in a hotel in Hong Kong, where he flew after the publication of the presentation he prepared during
his work in the NSA Office in Hawaii, around three weeks ago. Snowden decided to publish the
history and proof of a program that every US citizen imagined but that authorities and private
companies always denied. He left the US citing health reasons and flew to Hong Kong, the Chinese
territory known also for its “strong tradition of free speech.”
According to the interview released to The Guardian, Edward Snowden is concerned, as he
knows very well the power of intelligence agencies and the ramifications of his actions. He has thus
barricaded himself in a hotel.
Fig.1: Edward Snowden
What is PRISM?
Classified presentation slides detailing aspects of PRISM were leaked by a former NSA
contractor. On June 6th, The Guardian and The Washington Post published reports based on the leaked
slides, which state that the NSA has "direct access" to the servers of Google, Facebook, and others. In
the days since the leak, the implicated companies have vehemently denied knowledge of and
participation in PRISM, and have rejected allegations that the US government is able to directly tap into
their users' data.
Both the companies and the government insist that data is only collected with court approval and
for specific targets. As The Washington Post reported, PRISM is said to merely be a streamlined system
— varying between companies — that allows them to expedite court-approved data collection requests.
Because there are few technical details about how PRISM operates, and because of the fact that the
FISA court operates in secret, critics are concerned about the extent of the program and whether it
violates the constitutional rights of US citizens.
Fig.2.1: PRISM
As The Washington Post reported, The Protect America Act of 2007 led to the creation of a
secret NSA program called US-984XN — also known as PRISM. The program is said to be a
streamlined version of the same surveillance practices that the US was conducting in the years following
9/11, under President George W. Bush’s "Terrorist Surveillance Program."
The Protect America Act allows the attorney general and the director of national intelligence to
explain in a classified document how the US will collect intelligence on foreigners overseas each year,
but does not require specific targets or places to be named. As the Post reports, once the plan is
approved by a federal judge in a secret order, the NSA can require companies like Google and Facebook
to send data to the government, as long as the requests meet the classified plan's criteria.
While PRISM has been the most talked-about story to come out of Snowden’s leaks, the
disclosures have shed light on a vast array of NSA surveillance programs. Broadly speaking, these can
be split into two categories: "upstream" wiretaps, which pull data directly from undersea
telecommunications cables, and efforts like PRISM, which acquire communications from US service
providers. One of the slides in the leaked PRISM presentation instructs that analysts "should use both"
of these sources.
NSA programs collect two kinds of data: metadata and content. Metadata is the sensitive by
product of communications, such as phone records that reveal the participants, times, and durations of
calls; the communications collected by PRISM include the contents of emails, chats, VoIP calls, cloud-
stored files, and more. US officials have tried to allay fears about the NSA’s indiscriminate metadata
collection by pointing out that it doesn’t reveal the contents of conversations. But metadata can be just
as revealing as content — internet metadata includes information such as email logs, geolocation data
(IP addresses), and web search histories. Because of a decades-old law, metadata is also far less well-
protected than content in the US.
Many crucial details on how and under what circumstances the NSA collects data are still
missing. Legally speaking, surveillance programs rely on two key statutes, Section 702 of the FISA
Amendments Act (FAA) and Section 215 of the Patriot Act. The former authorizes the collection of
communications content under PRISM and other programs, while the latter authorizes the collection of
metadata from phone companies such as Verizon and AT&T. However, multiple reports and leaked
documents indicate the statutes have been interpreted in secret by the FISA intelligence courts to grant
much broader authority than they were originally written to allow. They also indicate that the FISA
courts only approve the NSA’s collection procedures, and individual warrants for specific targets are not
required.
An analyst starts by inputting "selectors" (search terms) into a system like PRISM, which then
"tasks" information from other collection sites, known as SIGADs (Signals Intelligence Activity
Designators). SIGADs have both classified and unclassified code names, and are tasked for different
types of data — one called NUCLEON gathers the contents of phone conversations, while others like
MARINA store internet metadata.
Leaked documents show that under the agency’s targeting and "minimization" rules, NSA analysts can
not specifically target someone "reasonably believed" to be a US person communicating on US soil.
According to The Washington Post, an analyst must have at least "51 percent" certainty their target is
foreign. But even then, the NSA’s "contact chaining" practices — whereby an analyst collects records
on a target’s contacts, and their contacts’ contacts — can easily cause innocent parties to be caught up in
the process.
The companies at the heart of PRISM’s controversy are also acting out, but the specific details
regarding their involvement in government surveillance on US citizens is still unclear. Microsoft,
Google, Yahoo, and others have stepped up pressure on the government in the past month to declassify
the process which compels them to hand over user data to the government. In an impassioned plea made
by Microsoft on July 16th, the company’s general counsel Brad Smith said: "We believe the US
constitution guarantees our freedom to share more information with the public, yet the government is
stopping us."
Fig.3: Methods of Data Collection by NSA.
If the payload is encrypted, the NSA still have a good chance of decrypting it. The NSA spent
US$2 billion on a massive data centre in Utah, which is set to open later this year, and have
recently commissioned a second in Maryland. These could house enough computers to store the NSA’s
collection of intercepted traffic for years to come. Future developments in decryption could allow the
NSA to decrypt the messages they are intercepting today.
Under the Patriot Act, which was signed into law in 2001 in response to the 9/11 terrorist attacks,
US agencies have the authority to compel companies like Google, Yahoo and Apple to provide their
private cryptographic keys to the NSA, allowing the NSA to decrypt secure traffic going through those
companies. Under the same act it is an offense to tell anyone it has happened. Even without the keys,
some “secure” web traffic can be decrypted using brute force methods.
Fig.4: PRISM Tasking Process.
The Snowden disclosures have led many on Capitol Hill and beyond to conclude that the
political and legal mechanisms necessary to hold the NSA accountable in functioning democracy are no
longer fit for purpose.
The Foreign Intelligence Surveillance Act of 1978 (Fisa) was intended to curtail the NSA’s
ability to use its capabilities against Americans. It was passed as part of a backlash against one of the
biggest controversies of that era: the unlawful surveillance by the intelligence agencies of US political
activists, trade union leaders and civil rights leaders.
Fisa codified in law for the first time that the NSA was about foreign intelligence. If there was a
suspicion about a spy or some agent of a foreign power operating in the US, the NSA and the FBI could
apply for a warrant in a new surveillance court, the Fisa court.
But since then, according to Wyden, the way the laws work in practice by the intelligence agencies has
become shrouded in secrecy. The 2008 Fisa Amendments Act, renewed in 2012, allows for the
collection of communications without a warrant, where at least one end of the communications is a non-
US person.
The NSA legal basis — disputed — for bulk collection of Americans' phone data comes under a
different law, section 215 of the 2001 Patriot Act. The Bush administration, in secret after 9/11, turned
loose the NSA to collect bulk email records domestically. The NSA interpreted section 215 of the
Patriot Act as allowing them to collect phone metadata in the US. The NSA asserts that a number of
laws and legal precedents justify its surveillance programs. What legal authorities does the NSA rely on
to justify the collection of:
The Fisa court and its proceedings are secret, or at least they were until the Snowden revelations.
Given this, it is nearly impossible to challenge its interpretation of the law. The government is the only
petitioner before the court, with no advocates for privacy interests. The NSA argues that since that it is
engaged in covert operations, it is hardly surprising that the court proceedings are secret. In January
2009, the FISA court was notified that the NSA had been querying business records metadata “in a
manner that appear[ed] to the Court to be directly contrary” to the court's order allowing it to so. In
response, the FISA court ordered the government to explain itself. These documents detail this exchange
as the NSA struggled to understand the business records program and ensure compliance.
Federal prosecutors secretly charged former National Security Agency contractor Edward
Snowden last week with three felonies in connection with recent leaks of classified information about
secret U.S. surveillance programs, according to a court complaint unsealed Friday.
Snowden was charged with conveying classified information to an unauthorized party, disclosing
communications intelligence information, and theft of government property. The charges, which can
carry a penalty of up to ten years in prison on each count, were filed in federal court in Alexandria, Va.,
last Friday.
The Justice Department is believed to be seeking Snowden’s extradition from Hong Kong,
although his precise whereabouts at the moment are not publicly known.
In the URL field of the browser, type in “https://” before the domain name. Your browser will download
a certificate from the website and use it to exchange a shared encryption key. From then on, all your
traffic is encrypted. If you don’t see “https” in the URL field, it’s not encrypted.
Not all websites use good keys or encryption algorithms. At ssllabs.com you can test the sites you visit
and (politely) ask them to improve their security.
There are two possible approaches to preventing website tracking: black listing and white listing. Black
list programs use lists of known spyware sites and block those activities. PeerBlock is one such program.
NoScript is a white list system, and turns off JavaScript (a programming language which runs in your
browser) when you visit a site unless the site is on the list. Most tracking uses JavaScript, so turning it
off makes it harder (but not impossible) for the spies to track you.
If you upload files to the internet, you might want to control who reads them. An easy solution is to
password protect them. Microsoft Office products provide the option of setting a password, but this is
not particularly strong. Another approach is to put the file in a zip, rar or 7z container and set the
password. The best approach is to use a serious encryption system which really scrambles the file
contents with a really big key and a strong algorithm, such as TrueCrypt.
5) Trust no-one
Do you use Dropbox? iCloud? Other cloud services? Do you have a password? If you do, so do they. If
you forget your password, can they tell you what it is? Some cloud services offer accelerated uploads
and syncing. They can do this because they know what you’ve uploaded, and it also means they have the
key and can provide it to the NSA. The only way to be sure is to encrypt your files before they leave
your computer. Don’t use the provider’s encryption software. Use open source software, so any hidden
back doors will be discovered. AxCrypt is a nice example.
Every message (or web request) you send on the internet has headers – with your address, the
destination address, the date and time. Spooks can use this meta-data to link you to your friends and
their friends.
Anonymising services and products attempt to obscure your web behaviour by mixing your traffic with
other people’s traffic and by “tunnelling” (encrypting) your traffic between locations. You install a
proxy server or a virtual private network (VPN) client, which encrypts your traffic and sends it to
another location, where it is decrypted.
The NSA can read the traffic once it leaves the tunnel, but can’t separate your traffic from the traffic of
other users of the system. The more users there are, the more anonymous your traffic becomes.
To be sure your PC is free of all unwanted software, you can use a read-only operating system. There
are many bootable Linux distributions which detect your hardware at boot time and contain a suite of
pre-installed programs such as web browsers and VPN clients. Puppy Linux (really fast) and Privatix
(really secure) are good examples. They reveal nothing about your computer and cannot be infected
because they don’t write to the hard disk. These are ideal if you’re really paranoid.
8) Safe text
Texting with a phone is not secure. Skype chat is monitored by Microsoft. Email normally uses
unencrypted protocols, and is not secure. Even sending emails through websites (with “https”) is no
guarantee of security because most mail servers communicate with each other using plain text protocols
containing the message, sender and recipient. It is possible to install Pretty Good Privacy (PGP) – an
“uncrackable” email encryption scheme - but the process is difficult at best.
However, there are some solutions. Gateway devices can implement PGP at the edge of your network,
allowing you to exchange encrypted email with minimal configuration. Phone apps such as Silent
Circle and iChat can be used to encrypt text messages. CryptoCat does a similar thing through the web.
9) Anonymous searches
We all know Google caches our search terms and profiles us based on what we look up - it’s how they
generate revenue. But there are other search engines which are less interested in what we are doing.
Duckduckgo and Startpage are examples of alternatives. Another option is to use a different Google
(such as google.de or google.ca), or use [Tor].
Soft Skills:
1.Leadership (How to lead a team to get best outcomes)
2. Improvement in presentation skills
3. Teamwork
4. Information Searching
5. Reading and understanding the IEEE Papers related to the topic