By U AC

 

The Edward Snowden hoo-ha might have ended ten years ago, but illegal spying by the US carries on, both on its partners and on anyone it wants to control, via warrantless surveillance rights to indiscriminately monitor the communications of all internet users around the world.

 

Snowden popularized the term ‘metadata’ and started a heated debate about mass surveillance. He had succeeded beyond imagination. But who is there to defend our democracy and rights in this digital age?

 

The intelligence agencies (CIA, NSA, FBI - acronyms stated at end of article) dismissed such claims at that time, arguing that their programmes are constitutional, and subject to rigorous congressional and judicial oversight, yet critical to meet their overriding aim of protecting the public from terrorist attacks. As usual, they regurgitate the age-old slogan: if you have nothing to hide, you have nothing to be scared of!

 

The whole world was shaken at that time. The US's allies were rightly upset, its so-called enemies were proven right about what they had suspected all along, people were livid at the lack of social responsibility, US internet companies claimed they were forced into cooperation and NGOs warned that surveillance was going beyond the intention of lawmakers.

 

Cell phones, laptops, Facebook, Instagram, X, Skype, and chat rooms: all allow the NSA to build what it calls ‘a pattern of life’, a detailed profile of a target and anyone associated with them. And the number of people caught up in this dragnet can be huge. You have to recall the Bourne Identity, Supremacy and Ultimatum trilogy of movies to visualize the level of spying and black ops going on.

 

Ten years ago, faced with this growing public and political concern over the quantities of data it is collecting, the NSA said it collected only a tiny proportion of the world’s internet traffic, equivalent to a “dime on a basketball court”. But in reality, that is still a huge amount of data. It says it needs all this data to help prevent another terrorist attack like 9/11. To find the needle in the haystack, they argue, they need access to the whole haystack. Yet the US Congress did not find any substantial evidence of NSA actions stopping terrorist attacks. The NSA claimed that 54 terror attacks had been stopped, but fact-checking found the figure to be only 4.

 

That was ten years ago. The chances were you were already sharing a lot more personal information than you thought, even back then.

 

Spying Continued

Now the Five Eyes countries jointly conduct cyber espionage operations, eavesdropping on, tapping and collecting metadata from other countries, from Russia to China to Germany and France. Instead of toning down their indiscriminate monitoring and illegal spying operations, the Five Eyes have upped the ante by introducing programmes such as False Flag operations, misleading traceability attribution and implanted backdoors in the internet products US companies sold to other countries.

 

The US's longstanding strategy of ‘forward defence’ and of carrying out ‘hunt forward’ operations requires that it continue to stealthily spy on other countries by hook or by crook. At the same time, since Snowden’s time, due to investigations by US lawmakers, its tactics have gone underground: covering up its attacks, erasing the fingerprints of cyber espionage and attempting to obscure various identifiable features of its assaults. The worst of all was inserting code ‘strings’ in other languages to mislead cybersecurity experts and frame other countries for cybersurveillance.

 

According to China’s CVERC, Volt Typhoon was one such programme, deployed by the Five Eyes recently. China’s Global Times also highlighted a stealth tool kit codenamed ‘Marble’ used in such operations. The report claimed Marble can use over 100 algorithms to replace readable content in source code files with unrecognizable content and has the ability to insert interfering strings.

 

False Flag operations are a major component of Influence Operations by the Five Eyes countries. Influence operations include two aspects: (dis)information operations and technical disruption operations. The Five Eyes' 4D principles of deny, disrupt, degrade, and deceive are on full display in its cyber spying activities.

 

The Five Eyes’ illicit spying activities are helped by the fact that much of the world’s communications traffic passes through the US or its close ally the UK, what the agencies refer to as “home-field advantage”, because they can control most of the world’s internet choke points, such as the Atlantic and Pacific submarine fibre optic cables. The UK is connected to 57 countries by fibre optic cables whereas the US is connected to 63. The NSA works closely with the FBI and the British NCSC to carry out protocol analysis and data theft on the full amount of data transmitted by fibre optic cables, to achieve wholesale monitoring of internet users around the world.

 

The NSA has its own cable-intercept programs tapping traffic flowing into and across the US. These are collectively known as the Upstream collection. The NSA runs these surveillance programmes through “partnerships” with major US telecom and internet companies. The function of the Upstream project is to retain all the original communication data of submarine fibre optic cables intercepted by monitoring stations in a massive data ‘reservoir’. The second NSA project is Prism, whose main function is to classify the original data from the Upstream collection accordingly and to analyze its content. It is also a “downstream” programme, which collects data from Google, Facebook, Apple, Yahoo and other US internet giants.

 

The above snooping would be sufficient provided that the data they wanted actually travelled through the above submarine pipelines. What if the data they wanted to spy on stayed just within Russia or China? To solve this problem, the NSA conducts CNE for specific targets located in such blind spots and the Office of TAO follows up with the dirty work. To be specific, using advanced US technology and products, in cooperation with US internet, software and equipment suppliers, TAO would intercept and disassemble US products purchased by entities in these blind spot territories, implant backdoors and repackage them before shipping them to their destination. These products, once in use, would transmit the required top-secret content back to NSA headquarters.

 

The division inside the NSA that deals with collection programmes that focus on private companies is Special Source Operations, described by Snowden as the “crown jewels” of the NSA, under the heading of ‘Corporate Partner Access’. It has already set out its mission: “Leverage unique key corporate partnerships to gain access to high-capacity international fibre optic cables, switches and/or routes throughout the world.” The names of many of the NSA’s “corporate partners” are so sensitive that they are classified as “ECI”: Exceptionally Controlled Information.

 

The future

Public opinion is polarized over surveillance, but polls over recent years showed a consistent increase in concern over privacy. Meanwhile, the unlawful activities by the Five Eyes continued, invading the privacy of many not under its sovereignty, as well as stealing the confidential top-secret information of other countries.

 

With the new peace-advocating President in place this year, hopefully, these anti-peace activities will be discontinued soon. Optimistically, the $400 million assistance via the Burma Act to anti-government forces could be halted too, thereby stopping the $20,000+ a month funding to each of the illegal fake news agencies in Chiang Mai, which did more to bring the country down than to help any fellow citizens prosper.

 

ACRONYMS:

NSA: National Security Agency

CIA: Central Intelligence Agency

FBI: Federal Bureau of Investigation

Metadata: Data providing information about other aspects of that data, e.g., information about the time and location of a phone call or email, as opposed to the contents of those conversations or messages.

 

Five Eyes countries: US, Canada, UK, Australia, and New Zealand.

False Flag operation: an act committed with the intent of disguising the actual source of responsibility and pinning blame on another party.

 

Traceability attribution: tracing and attributing security-relevant actions (i.e., subject-object interactions) to the entity on whose behalf the action is being taken.

 

Implanted backdoor: a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment.

 

CVERC: China Virus Emergency Response Centre

String: a data type used in programming, that is used to represent text rather than numbers.

 

NCSC: National Cyber Security Centre

Protocol analysis: tools to identify and create categories of propositions and semantic organization of text segments.

 

CNE: Computer Network Exploitation

TAO: Tailored Access Operations