NSA XKeyscore Screenshots - A Glimpse into a PRISM App

  • 31 July 2013

Glenn Greenwald, over at The Guardian, has just released screenshots of an NSA app called XKeyscore. This latest leak provides some insight into tools used by the NSA in their domestic spying program. According to the screenshots from an NSA training slide deck, analysts can search by email address, IP address, telephone number, keywords, language, and browser in use. As one slide points out, pretty much anything an average internet user does is done via HTTP, so naturally that's what the NSA is interested in.



The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.



Can you imagine having this much information at your fingertips?

1 reply

Update: In addition to being able to search by email address, IP address, telephone number, keywords, language, and browser in use, it is now known that XKeyscore can run a search for exploitable computers and determine who VPN connections belong to.
 
Ars Technica is reporting:
This capability essentially turns X-Keyscore into a sort of passive port scanner, watching for network behaviors from systems that match the profiles of systems for which the NSA’s TSO has exploits constructed, or for systems that have already been exploited by other malware that the TSO can leverage. This could allow the NSA to search broadly for systems within countries such as China or Iran by watching for the network traffic that comes from them through national firewalls, at which point the NSA could exploit those machines to have a presence within those networks.
 


 
Other slides in the set of documents explain how X-Keyscore could be used to track down VPN sessions and determine who they belong to from selected countries. The program could also be used to capture metadata on the use of PGP encryptions in e-mails and encrypted Word documents for later decryption. While X-Keyscore keeps a "buffer" of all the Internet traffic it traps at its tap locations for about three days, metadata on traffic can be kept for up to 30 days, allowing the NSA to trace and store information on who created documents passing across the Internet. "No other system performs this on raw unselected bulk traffic," the document states—implying that searches can be made across traffic that hasn't been specifically tagged for monitoring.
 


While the NSA maintains that they only use this functionality when they are allowed to, there is a great deal of concern right now over what constitutes "being allowed."
