The Online Habits That Trigger NSA Spying

A recent report reveals the online behaviors that will get you tailed by the spies.

Worried about the National Security Agency monitoring you? If you take certain steps to mask your identity online, such as using the encryption service TOR, or even investigating an alternative to the buggy Windows operating system, you’re all but asking for “deep” monitoring by the NSA.

TOR is an encryption network developed by the U.S. Naval Research Laboratory in the 1990s. The military’s hope was to enable government workers to search the web without exposing their locations and identities. The system today is widely available, runs on open-source code, and is popular among privacy advocates as a more secure alternative to open Internet surfing, particularly in countries with repressive regimes. It works by encrypting the user’s address and routing the traffic through servers that are located around the world (so-called “onion routing”). How does the NSA access it? Through a computer system called XKeyscore, one of the various agency surveillance tools that NSA leaker Edward Snowden disclosed last summer.

According to a recent report from the German media outlet Tagesschau, a group of TOR affiliates working with Tagesschau looked into the source code for XKeyscore. They found that nine servers running TOR, including one at the MIT Computer Science and Artificial Intelligence Laboratory, were under constant NSA surveillance. The code also revealed some of the behaviors that users could undertake to immediately be tagged or “fingerprinted” for “deep-packet inspection,” an investigation into the content of data packages you send across the Internet, such as emails, Web searches, and browsing history.

If you are located outside of the U.S., Canada, the U.K., or one of the so-called Five Eyes countries partnering with the NSA in its surveillance efforts, then visiting the TOR website triggers an automatic fingerprinting. In other words, simply investigating privacy-enhancing methods from outside of the United States is an act worthy of scrutiny and surveillance according to rules that make XKeyscore run. Another infraction: hating Windows.

If you visit the forum page for the popular Linux Journal, dedicated to the open-source operating system Linux, you could be fingerprinted regardless of where you live because the XKeyscore source code designates the Linux Journal as an “extremist forum.” Searching for the Tails operating system, another Windows alternative popular among human-rights watchers, will also land you on the deep-packet inspectee list.

Science-fiction author Cory Doctorow, an editor at the popular technology blog Boing Boing, was quick to take exception to the findings, questioning not only the propriety of the tactics revealed in the researchers’ report but also their utility.

“TOR and Tails have been part of the mainstream discussion of online security, surveillance, and privacy for years. It’s nothing short of bizarre to place people under suspicion for searching for these terms.”

“More importantly, this shows that the NSA uses ‘targeted surveillance’ in a way that beggars common sense. It’s a dead certainty that people who heard the NSA’s reassurances about ‘targeting’ its surveillance on people who were doing something suspicious didn’t understand that the NSA meant people who’d looked up technical details about systems that are routinely discussed on the front page of every newspaper in the world.”


Doctorow goes on to speculate, with the help of an anonymous expert, that the NSA’s intention in marking the TOR-curious for monitoring was to “separate the sheep from the goats — to split the entire population of the Internet into ‘people who have the technical know-how to be private’ and ‘people who don’t’ and then capture all the communications from the first group.”

The better you are at protecting your privacy online, the more suspicious you become.

How many sheep and how many goats are there? Not all of the XKeyscore fingerprinting triggers apply to U.S. citizens, as mentioned above, but some 14 percent of U.S. Internet users have taken some step to mask their identity online using encryption, according to the PEW Internet and American Life survey from September of last year.

The revelations underscore the fact that in the post-Snowden environment, privacy is less of a given and more of a fast-paced cat-and-mouse game. An encryption network, developed by the military, gains popularity among a public increasingly worried about government surveillance. The network is then hacked by the government that created it. Of course, you don’t have to be the NSA to crack TOR; you just need a bit of money. Two researchers, Alexander Volynkin and Michael McCord, will be presenting at the popular Black Hat conference next month a provocative session called “You Don’t Have To Be the NSA to Break TOR: Deanonymizing Users On a Budget.” They report that they can crack TOR and disclose a specific user’s identity for just $3,000.

Source: The Online Habits That Trigger NSA Spying
