3

Here's one thing that keeps bugging me ever since I heard about the NSA revelations. From what I heard, NSA built a system that basically sees most of the internet, made of many subsystems which affect the networks. Judging by the leaked documents, they were pretty invasive, yet nothing was detected before. How is that possible?

I mean, I don't believe in perfect software at the first try. Especially a system that processes a tremendous lot of various data in the real time. How could they design a system that achieves that, without getting hacked or at least crashes resulting in observable anomalies?

d33tah
  • 6,524
  • 8
  • 38
  • 60
  • Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. – Lucas Kauffman Apr 07 '14 at 12:36
  • How is that? We're theorizing about an attack on a system we know very little about. My question is, among other things, about processes that could produce such a gigantic system in a way that it remains undetectable. – d33tah Apr 07 '14 at 12:38
  • 1
    As you say "theorize" therefore probably not based on facts or references. – Lucas Kauffman Apr 07 '14 at 13:03
  • 1
    You can theorize and still refer to the facts you know. – d33tah Apr 07 '14 at 13:11
  • Why do you think nothing was detected before - that really isn't correct... – Rory Alsop Apr 07 '14 at 15:31
  • @RoryAlsop: could you elaborate? – d33tah Apr 07 '14 at 15:50

3 Answers3

9

The technology to tap an internet connection and copy all the data going over it without anyone detecting anything has existed for quite some time. There are network hardware taps, software taps, and data dumps of all types that could be happening completely undetected by those whose traffic is being sniffed. Observing the data doesn't change it in this case.

Once the NSA have the data they can then do whatever processing they want on it, as for why they haven't been hacked I'd be surprised if they'd connected their infrastructure to any public networks. Contrary to popular media most governments are very effective at keeping things secret when they want to.

GdD
  • 17,291
  • 2
  • 41
  • 63
3

One reason why the US government was able to conceal their involvement in the technical operations of internet service providers and website operators was the powerful tool of the National Security Letter. This tool exists since the 70s, but their power was greatly enhanced with the PATRIOT Act of 2001.

This tool allows the government to force any private company in the US to assist them in their investigations to counter terrorism or spying. They usually also include an non-disclosure clause, while also makes it illegally for the receiver to talk to anyone about this matter. This makes it illegal for the company to inform the public about this measure and extremely difficult for them to defend against such letters in a legal way.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • 1
    Okay, but world isn't USA only. There are other countries, other continents. – d33tah Apr 07 '14 at 15:25
  • 2
    @d33tah Large parts of the global internet communication are routed via US service providers or via the United Kingdom, where the GHCQ has abilities similar to the NSA in the US. UK and USA have a mutual spying agreement. The nice thing about this agreement is that each secret service is legally allowed to spy on the citizens of the other country and then give their findings to the other side. – Philipp Apr 07 '14 at 15:45
1

There are laws about logging telecommunications data retention. (See reference below for more information.)

DISHFIRE is using NSA and GCHQ logging all telecommunications data from loopholes and sniffing ISPs and so on. US and UK play large parts in the internet, so them sharing this information will cover a lot of the internet. Just think of how many servers are hosted in the UK and US and all the users they have, too!

It would be easy for governments to force companies to allow them to tap into for logging purposes. They could make anything up just to get their hands on the data, such as it's being used to prevent crimes and so on. Wouldn't surprise me if they have laws in place to stop companies from withholding information from governments.

References: http://en.wikipedia.org/wiki/Telecommunications_data_retention http://en.wikipedia.org/wiki/DISHFIRE https://www.eff.org/issues/mandatory-data-retention/us

elixenide
  • 204
  • 1
  • 3
  • 10
Paul
  • 1,552
  • 11
  • 11