
I know many governments perform this act for various reasons, from state security to political gain. I have heard that more of them are performing SSL strip attacks and listening in on HTTPS communications as well.

If you take a country, there are millions or billions of data transactions going on at a particular moment, from simple chat messages to video streaming. How do they analyze this huge amount of data as it happens, and what kind of tools are they using?

I also heard that all the internet traffic goes through 8 or 12 NSA servers. Is this true? If so, what kind of methods or tools are they using to identify the communications they are interested in among all the others?

My question is mainly about targeting: how do they analyze this huge amount of traffic and pinpoint exactly what they need?

    "I also heard that all the internet traffic is going through 8 or 12 NSA servers ? is this true ?" NSA will neither confirm nor deny that – Limit Jan 21 '17 at 00:43
    This seriously needs some citations, or evidence of going about answering the question. "all the internet traffic is going through 8 or 12 NSA servers" is likely to bring skeptics, and rightfully so. To help attract better answers you should consider adding citations and perhaps cleaning up sentence structure as well. – dark_st3alth Jan 21 '17 at 03:42

1 Answer


If you take a country, there are millions or billions of data transactions going on at a particular moment, from simple chat messages to video streaming. How do they analyze these huge data streams as they happen, and what kind of tools are they using?

They are not able to analyze the entire thing. They analyze certain Internet Exchange Points (IXPs), and even those swamp them with huge amounts of data. They likely only process metadata, while keeping the full data in a circular buffer (the usual way to process massive amounts of networking traffic). They use tools like XKeyscore, which is basically a glorified NIDS (like Bro, but with its own custom rule syntax, and a lot of memory).

I also heard that all the internet traffic goes through 8 or 12 NSA servers. Is this true? If so, what kind of methods or tools are they using to identify the communications they are interested in among all the others?

All traffic? No. There is no way the NSA could do that, or even all of FVEY and SSEUR combined. They analyze metadata using XKeyscore or similar methods. Nothing magical, just a custom NIDS.

However, even without being able to tap all IXPs simultaneously, they are able to record unencrypted NetFlow records being exported by various ISPs. Cisco NetFlow is a technology which records information on every 1/10,000th packet, by default. Typically this information is exported to a remote server in an unencrypted form. If this traffic passes through a tapped connection, or is present on a compromised router, the NSA will get this information, and will effectively see what that router sees.

My question is mainly about how they analyze this huge amount of traffic and pinpoint exactly what they need.

Simply put, they don't. They are absolutely swamped with the huge amount of data they are getting. That's not to say that they aren't still processing it, but they are taking in so much that it's overwhelming them.

  • On the other hand, a few very capable agencies could certainly tap the communications on the Internet that stem from a limited particular set of sources/people that they suspect/guess to be eventually possibly targets of their interest in one way or the other. – Mok-Kong Shen Jan 21 '17 at 08:34
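As an added example (not part of the question or the answer above), here is what a passive observer on the router-to-collector path gets from the cleartext NetFlow v5 export the answer describes, and how a metadata-only selector of the kind it attributes to XKeyscore-style tooling would run over those records. The record layout is the published NetFlow v5 format; the datagram itself, the RFC 5737 documentation addresses, the hypothetical edge router and the 1-in-100 sampling interval are all constructed for this example. Rather than assuming any particular sampling rate, the code reads the interval the router advertises in the header and scales the packet counts by it.

```python
"""Added example: decode a cleartext NetFlow v5 export datagram and run a
metadata selector over its flow records, as a passive tap on the path from
router to collector could. Sample data below is constructed (TEST-NET
addresses), not captured from any real network."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Published NetFlow v5 wire layout: 24-byte header, then N 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


@dataclass
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int       # IP protocol number (6 = TCP, 17 = UDP)
    packets: int     # as reported by the router; sampled, not absolute
    octets: int
    tcp_flags: int


def parse_netflow_v5(datagram: bytes) -> Tuple[int, List[Flow]]:
    """Return (sampling_interval, flows) from one UDP payload.

    Raises ValueError for anything that is not a well-formed v5 export,
    so a garbage or truncated datagram cannot be mistaken for real data.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, _uptime, _secs, _nsecs, _seq,
     _engine_type, _engine_id, sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field {version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("header count exceeds the records actually present")
    # Top two bits are the sampling mode, low 14 bits the 1-in-N interval.
    interval = sampling & 0x3FFF
    flows = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nexthop, _ifin, _ifout, pkts, octets, _first, _last,
         sport, dport, _pad1, flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(datagram, off)
        flows.append(Flow(str(ipaddress.IPv4Address(src)),
                          str(ipaddress.IPv4Address(dst)),
                          sport, dport, proto, pkts, octets, flags))
    return interval, flows


def select_flows(flows: List[Flow], hosts=frozenset(), ports=frozenset()) -> List[Flow]:
    """Keep flows touching any selected host or port: a 5-tuple rule that
    needs no payload, which is exactly what a metadata-only collector sees."""
    return [f for f in flows
            if f.src in hosts or f.dst in hosts
            or f.sport in ports or f.dport in ports]


def who_talked_to(datagram: bytes, host: str) -> List[Tuple[str, str, int, int]]:
    """Peer list for one host, with packet counts scaled by the sampling
    interval the router itself advertises in the header."""
    interval, flows = parse_netflow_v5(datagram)
    scale = interval or 1
    return [(f.src, f.dst, f.dport, f.packets * scale)
            for f in select_flows(flows, hosts=frozenset({host}))]


def build_sample_export() -> bytes:
    """Constructed export from a hypothetical edge router: three flows,
    1-in-100 packet sampling. Addresses are RFC 5737 documentation ranges."""
    def rec(src, dst, sport, dport, proto, pkts, octets, flags=0):
        return V5_RECORD.pack(
            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
            b"\0\0\0\0", 1, 2, pkts, octets, 1000, 2000,
            sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)
    records = [
        rec("192.0.2.10", "198.51.100.5", 51234, 443, 6, 12, 9000, 0x18),
        rec("192.0.2.11", "203.0.113.7", 40000, 53, 17, 1, 80),
        rec("198.51.100.5", "192.0.2.10", 443, 51234, 6, 10, 4000, 0x18),
    ]
    sampling_field = (1 << 14) | 100          # mode 1 = packet interval, N = 100
    header = V5_HEADER.pack(5, len(records), 123456, 1484956800, 0, 42, 0, 0,
                            sampling_field)
    return header + b"".join(records)


if __name__ == "__main__":
    for peer in who_talked_to(build_sample_export(), "192.0.2.10"):
        print(peer)
```

Nothing in the selector needs packet contents: source, destination, port and protocol are enough to answer "who talked to whom, over what, and roughly how much", which is why flow export on an unprotected transit path leaks so much even where the sessions themselves are TLS. The practical check for an operator is whether the export path is confined to an isolated management network or an IPsec tunnel, since the v5 protocol itself carries no authentication or encryption.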