The Spybots Among Us

How the NSA tracks terrorists in the United States through the Internet

Besides targeting suspect individuals or groups with bots that burrow and tools that hack, the NSA eavesdrops generally on cyberspace. The nationwide paranoia after the horror of September's terror attacks has lent popular approval to this practice. A bill to increase the NSA's budget by adding several billion dollars to the approximately $30 billion a year we spend on foreign intelligence-gathering is working its way through Congress. The bill specifically funds the NSA to change its current focus from intercepting messages transmitted by satellite and microwave dish to intercepting electronic traffic, particularly Internet traffic, that speeds through the land and sea networks of fiber-optic cables, which transmit voice and data communications.

A few years ago, Lt. Gen. Kenneth A. Minihan, then-director of the NSA, wrote an article revealing that the NSA defends the security of the Internet by spying on it. Stripped of bureaucratic jargon, what Minihan said was that the NSA attaches "sensors" on the Internet backbone and "in the underlying telecommunications infrastructure itself" to detect potential "threats" from nations, terrorists, and radical groups.

Contrary to popular conspiracy theories, the NSA can't monitor every man-made electron orbiting the Earth and pick out keywords, such as "anthrax" or "bribe," according to the European Parliament's ECHELON report. For one thing, trying to analyze huge volumes of phone calls by keywords is beyond the agency's capabilities because spoken language contains too many variables. The NSA can, however, analyze tremendous amounts of nonvoice data using keywords. Still, experts say that while it is theoretically possible for the NSA to monitor cyberspace in real time, the $4-billion-a-year spy agency, which is reported to employ more hackers and mathematicians than any other organization in the world, is not yet able to trap and analyze the unbelievably mammoth content of the Internet slipstream as it passes through the government's interception devices. Clearly, though, the NSA is working hard to do so.

There is no single physical point of connection through which all traffic passes, says security scientist Schneier. Instead, the NSA can connect "sniffers" -- Internet wiretap devices -- on overseas cables and at nine connection points in the U.S. (including in the Pacific Bell headquarters building in San Francisco). The problem with analyzing intercepted data, Schneier remarks, is knowing what information to ignore. It's a question of time. If it takes more than one second to analyze a second's worth of data, you fall behind in a fatal spiral, says Schneier, never catching up.

The trick is to narrow the focus of interception as much as possible -- to selected regions of cyberspace, certain chat rooms, Web sites, groups, and individuals.

The NSA's biggest challenge appears to be buying or inventing programs capable of analyzing the billions of messages it captures every day. To that end, the NSA openly partners with and makes substantial investments in a wide range of technology companies, such as Northrop Grumman Corp. and Verizon Communications, that manufacture hardware and software capable of scouring the microwave spectrum and tapping into fiber-optic pipelines to look for targeted content.

According to the ECHELON report, an array of private companies, several owned and operated by ex-NSA officials, has contracts worth hundreds of millions of dollars with the NSA. The report singles out Applied Signal Technology Inc., which is headquartered in Sunnyvale. John P. Devine, a member of Applied Signal's board of directors, was a deputy director of the NSA in 1995 when he left to join Applied Signal, which is described by the report as a "one-stop ECHELON shop."

Gary Yancey, founder and president of Applied Signal, says that his company has contracts with the NSA. "I know the ECHELON report well," he remarks. "But I can't comment on anything to do with it because of security clearances, and I would be excommunicated by the NSA if I did."

According to the ECHELON report, Applied Signal's devices intercept real-time data from high-speed Internet backbone links, then separate the raw intercept into tens of thousands of individual channels, each carrying a digitized telephone, fax, or modem "conversation." Although the rate of capture is quite impressive, it takes a relatively long time to interpret the captive data.

That is one reason the NSA apparently failed to analyze its raw intercepts on al Qaeda's U.S. branch prior to Sept. 11. Separating an unfathomable number of intercepted bits into intellectually analyzable categories is a laborious process. While the NSA divulges almost nothing about its techniques, it is possible to glimpse how it deals with intercepted data by looking at commercial products sold by firms that are close to the NSA.

Paracel, a subsidiary of Celera Corp. (famous for sequencing the human genome), describes its $100,000-plus TextFinder supercomputing processor as "designed to filter, search, categorize, and disseminate massive quantities of information for the Department of Defense." The chip can run hundreds of query searches on 50,000 pages of data per second (which is only a tiny fraction of the Internet's data flow), Paracel officials say. It can scan data in all languages simultaneously, while sorting it into patterns, according to Andrew Basile, TextFinder's project manager. Basile would neither confirm nor deny that the NSA uses TextFinder. The NSA does hold a patent on a software program, Semantic Forests, that has related capabilities and, according to Schneier and other experts, is designed for use on the Internet.

©2014 SF Weekly, LP, All rights reserved.