Latest Leak Shows NSA Engaging In Economic Espionage — Not Fighting Terrorism

from the flying-pigs dept

As more and more information about the NSA’s global surveillance capabilities emerges through leaks of material obtained by Edward Snowden, the US authorities have been playing the terrorist card heavily. That is, they concede that they have been spying on pretty much everyone, but claim that it was only to fight terrorism, and thus to save lives. In particular, the NSA insists it is not spying on anyone for the purposes of industrial espionage — here’s what it wrote in an email to the Washington Post on the subject just a couple of weeks ago:

“The Department of Defense does engage” in computer network exploitation, according to an e-mailed statement from an NSA spokesman, whose agency is part of the Defense Department. “The department does ***not*** engage in economic espionage in any domain, including cyber.”

Despite the screaming asterisks, like many other statements on the subject from the NSA, this one turns out to be untrue, as the Brazlian TV program “Fantastico” revealed on Sunday, drawing on new leaked documents provided by Glenn Greenwald, who lives in the country:

The internal computer network of Petrobras, the Brazilian oil giant partly owned by the state, has been under surveillance by the NSA, the National Security Agency of the United States.

a top secret presentation dated May 2012 is used by the NSA to train new agents step-by-step how to access and spy upon private computer networks — the internal networks of companies, governments, financial institutions — networks designed precisely to protect information.

The name of Petrobras — Brazil’s largest company — appears right at the beginning, under the title: “MANY TARGETS USE PRIVATE NETWORKS.”

The name of Petrobras appears on several slides, as the training goes deeper in explaining how data from the target companies is monitored.

The Fantastico article goes on to give more information about the attacks on the company’s internal networks, and points out that Petrobras is hardly a terrorist organization:

The yearly profits of Petrobras are over 280 billion reais — US$ 120 billion. More than the GDP of many countries. And there are plenty of motives for spies to want access to the company’s protected network.

Here’s one of them:

For example, the details of each lot in an auction [of oil drilling rights] set for next month: for exploration of the Libra Field, in the Bay of Santos, part of the Pre-salt. Whether the spies had access to this information is one of the questions the Brazilian government will have to put to the United States.

Former Petrobras Director Roberto Villa considers this the greatest auction in the history of oil exploration. “It’s a very peculiar auction. The auction of an area where we already know there’s oil, there’s no risk”, he says. What no one else should know, Villa says, is which are the richest lots. “Petrobras knows. And I hope only they know.” He considers that such information, if stolen, could give someone an advantage. “Someone would have an edge. If this information was leaked and someone else has obtained it, he would be in a privileged position at the auction. He’ll know where to invest and where not to. It’s a handy little secret.”

Once again, the NSA’s rebuttal of these claims is weak and unconvincing:

It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.

We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets.

Or, you know, it could provide US companies with insights about which were the best lots in the forthcoming auction of seabed areas for oil exploration, or about highly-specialized deep-sea oil extraction technology, in which Petrobas is a world leader. After all, why wouldn’t the NSA drop some useful hints about such things to US companies as a way of justifying its huge budget?

This latest attack on Brazil’s flagship enterprise will make the country’s already strained relationship with the US even more difficult. But the Fantastico story on the NSA program, which is apparently called “Royal Net”, is about much more than those bilateral relations:

Besides Petrobras, e-mail and internet services provider Google’s infrastructure is also listed as a target. The company, often named as collaborating with the NSA, is shown here as a victim.

Other targets include French diplomats — with access to the private network of the Ministry of Foreign Affairs of France — and the SWIFT network, the cooperative that unites over ten thousand banks in 212 countries and provides communications that enable international financial transactions.

There are also first details of other, hitherto unknown, spying programs and capabilities:

The NSA presentation contains documents prepared by the GCHQ — the British Spy agency, from a country that appears as an ally of the United States in spying. The British agency shows how two spy programs operate. “Flying Pig” and “Hush Puppy” also monitor private networks which carry supposedly secure information. These networks are known as TLS/SSL.

The presentation explains how data is intercepted, through an attack known as “Man in the Middle”. In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing.

This confirmation that man-in-the-middle attacks are used by the NSA to intercept data, along with detailed information about the high-level economic espionage that is going on, underlines why the Fantastico report is so important, and why it is well-worth reading in its entirety.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: , , , ,
Companies: petrobas

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Latest Leak Shows NSA Engaging In Economic Espionage — Not Fighting Terrorism”

Subscribe: RSS Leave a comment
52 Comments
Not an Electronic Rodent (profile) says:

Re: Re: Re:

So elect a president whose DOJ will actually put these guys in prison.

Excellent idea… but do you have any suggestions as to who or how? Considering that;
a/ As I understand it Obama promised at least steps in this direction and lied through his teeth even more than the average politician
and
b/ Any politician actually serious about such reform has about as much chance to getting as far as having people vote for him as I am of being in the running for Pope.
… it seems a rather forlorn hope.

TaCktiX (profile) says:

How many lies and deceptions need to be uncovered?

The same pattern has emerged ever since the first leaks from Snowden (and if one includes Senator Wyden’s efforts, starting even before then):

1. Leaked document exposes dirty laundry of NSA.
2. People speculate on implications of said dirty laundry.
3. NSA denies that any of those implications are true.
4. New leaked document directly contradicts NSA’s denial.
5. GOTO 2, repeat.

It’s the same pattern, for months running. When are people (and Congress, and the President, and the Courts, our supposed public servants) going to finally realize that the entire setup is utterly corrupt and untrustworthy? That it needs to be removed in its entirety and maybe replaced (I’m in doubt that we even need the NSA).

Mark Harrill (profile) says:

Financial Crisis

So according to this quote:

for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy.

they have the ability to guess when financial crises may be coming? Yet they failed to do anything during the mortgage bubble when American and allied banks were taking actions that could negatively impact the global economy? Here could have been a chance to justify their budget and save millions, if not billions of dollars, but they missed that as well.

Eric (profile) says:

Re: Re: Financial Crisis

Wouldn’t that make sense if they announced it? If they want to justify their budget (and their agency), they should show results. So far, all losses, though. Since we had economic busts, plus they said they need these programs to stop things like the Boston Marathon bombings. Only positive thing is that they’re consistent.

Anonymous Coward says:

Re: Re: Financial Crisis

How would NSA interfere? And more importantly:

If it involves private entities we are talking a preemptive bail for a lot of financial institutions to go wild… Not exactly a good thing.
If it is to inform companies about how to avert disaster, we are talking something equivalent to industrial espionage on roids.
If the informations are made public, well, then we are talking about rather benign activity but that seems completely unbelievable for what NSA has done in the past.
The only reasonable other use would be giving the informations to other parts of the government and then we can start this list again for that government entity, not to mention the whitewashing they have to do to get their information emissible in court…

Financial spying is incredibly easy to abuse, conciously or unconciously.
Therefore I think secret services should keep from spying in that field entirely…

Pragmatic says:

Re: Financial Crisis

You took the words right out of my mouth. Basically, “approved” economy wreckers can proceed with impunity, but God forbid that anyone should spoil the party!

They had plenty of warning about the crash of ’08. It was actually Bush who warned about it, but he was ignored. When the revelations by Matt Taibbi came to light, no action was taken, even though the activities of BOA, etc., were publicly known.

Let’s face it, none of them give a damn whether our economy gets wrecked again or not, what they want is to be able to take advantage of insider knowledge so they can gamble on the stock exchange. Amirite?

Ninja (profile) says:

Re: Financial Crisis

they have the ability to guess when financial crises may be coming? Yet they failed to do anything during the mortgage bubble when American and allied banks were taking actions that could negatively impact the global economy?

the answer is in your own question. There were the few that benefited greatly from the subprime festival. The bankers.

AdamR (profile) says:

Re: Re:

“The fact that many of the people inside of the NSA are just contractors for other companies who might have interests that benefit from this sort of thing is just coincidental.”

I’m surprised why this hasn’t been explored further. Their loyalty is not toward the government or its citizens but to their bottom line. i wonder what immunities if any these contracting companies have with the NSA or our government.

That Anonymous Coward (profile) says:

Re: Re: Re:

Well they made all of them immune from the check of ‘odd activity’ in the system. Only actual NSA workers were checked and they found like what 4000 incidents?

They gave the telcos total immunity to anything happening to them, even as they were well aware what they were doing violated the Constitution and the law… so…

Anonymous Coward says:

Re: Re:

Diffie-Hellman part of the encryption, to set up a secure connection over an insecure channel. The authentication is provided by ‘certificates’ who are owned by ‘certificate authorities’. Hack / subvert / demand with a NSL & gag order and you can seamlessly do a MitM by pretending to be the person you’re trying to communicate with.

This weakness of centralized certificate authorities isn’t new. In fact we knew about it the second someone came up with the idea. Yet here we are 🙂

Arthur Moore (profile) says:

Re: Re:

They’re using man in the middle attacks. So, you’re securely talking to a NSA computer which is then talking to the real server.

The hard part is for the NSA computer to pretend to be the real server. There are three ways for them to do so. First, they could have demanded/stolen the secret key and certificate from the server they’re trying to intercept traffic to. Second, they could have a trusted Certificate Authority (CA) tell the user that they are the server. Third, they could use their massive supercomputers to fake a valid certificate.

We’ve heard a decent bit about the first one. The second one happens because browsers operate on a chain of trust that is completely invisible to a normal user. It would be easiest for them to go this route. The third method was actually demonstrated by a couple of researchers. They used a bunch of PS3s to sign a valid md5 based certificate. It’s an old attack, but someone on that huge invisible chain of trust is probably still vulnerable.

Like Snowden said. The problem isn’t the encryption, it’s everything else. In this case, web browsers relying on public key cryptography with some major flaws.

Anonymous Coward says:

We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy.

Yeah, smashing job you guys did over the last decade or so of keeping the economy healthy. No massive unemployment or out of control national debt or anything going on over here. Everything’s fine over in Europe too, no problems over there.
Great job, NSA. Great job.

Internet Zen Master (profile) says:

A grain of healthy skepticism

Like the rest of you, this Internet Zen Master has been rather outraged by the NSA’s blatant disregard for the right to privacy of the everyday American, I think we should all step back, take a deep breath, and look at the bigger picture of the US Government before we start accusing the NSA of actually providing US-based companies with information they got from their surveillance of Petrobras.

Unless we have actual proof of this, all that’s happening is rampant speculation, which gives the NSA’s defenders the ability to say: “See! The people attacking the NSA are nothing more than a bunch of conspiracy theorists making baseless accusations!”

… At least until the next leak comes out.

So I’d hold off on saying that the NSA shares information with/drops hints to American companies until there’s some evidence to (at least partially) support those claims.

But that’s just me. And until Guardian/Spiegel/NYT/WaPo stops publishing stories based on information from the Snowden Documents, we won’t know if there’s any actual proof about that or not.

As the Zen Master says, “We’ll see.’

any moose cow word says:

This obviously looks bad for the NSA, but it doesn’t look good for Petrobras either.

“If this information was leaked and someone else has obtained it, he would be in a privileged position at the auction. He’ll know where to invest and where not to. It’s a handy little secret.”

Right, a “handy little secret” that Petrobras wanted to keep to themselves. Nice to know that crony capitalism is alive and well in other countries too.

Lance Drager says:

Huh?

No one ever, ever said that NSA was not involved in general Intelligence gathering!

Terrorism was the justification (or excuse) *only* for gathering very broad data on private citizens, as distinguished from foreign governments, officials and institutions.

One of the problems with this issue is the failure of the media and many of the commentators to draw the simplest of distinctions. Another is apparent refusal to learn what the law is and the history of the issue.

Hporter (profile) says:

It strains credulity to believe they are ***not*** engaging in corporate espionage

As an article in Mother Jones Magazine (to name one example) clearly indicated almost 20 years ago….

Since the end of the Cold War, Washington has been abuzz with talk about using the CIA for economic espionage. Stripped of euphemism, economic espionage simply means that American spies would target foreign companies, such as Toyota, Nissan, and Honda, and then covertly pass stolen trade secrets and technology to U.S. corporate executives.

R. James Woolsey, President Clinton’s CIA director, has said repeatedly that the CIA will not engage in corporate spy work. Targeting foreign companies and giving that information to American companies is “fraught with legal and foreign policy difficulties,” Woolsey says. But there is not the slightest hesitation among other top CIA officials that such information, when obtained, ought to be shared with American automakers.

Given the plethora of examples demonstrating the complete disregard for the law (US Constitutional, international, privacy, and otherwise) on the part of the NSA, it would be naive to believe that cavalier attitude stopped at the boardroom doors.

Anonymous Coward says:

“What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line.”

-James Clapper

If the alleged felonious liar pinky swears and crosses his heart, while stating that this corporate espionage information will not be abused. Well, who are we to question his honesty, credibility, and integrity on such matters?

Ninja (profile) says:

There’s a small fact that is going unnoticed here. Fantastico is a mainstream ‘news’ program that could be compared to the worst news parrot from Fox News and the likes. I’m Brazilian and I’ve been following politics and power long enough to know that Globo, the network behind Fantastico) is very, very biased towards what suits their interests. Just by watching their coverage on the recent protests this is made very clear. There’s also the cases of corruption from the current Federal Government (dubbed “Mensal?o”), mainly orchestrated and operated by politicians from the PT party (labor party, left winged). They got a shitload of attention but when the same issues happened with the right winged party (PSDB) they were “surprisingly” silent. They are also known to be pro-USA generally speaking.

I’m saying all this because if this made it into their main Sunday show that has a whole lot of audience then you can bet it’s damn critical AND it’s got enough mainstream outrage to justify showing.

It’s interesting indeed!

Crusty the Ex-Clown says:

LIBOR rigging? HSBC?

Why didn’t the NSA step up to the plate and put a halt to the rigging of the London Inter-Bank Offering Rate that went on for years under their very noses?

How did they manage to miss the massive money-laundering HSBC did for drug cartels?

And what hiccup caused them to ignore HSBC’s part in illegal transfers to Iranian banks?

Who is being protected, and from whom?

Quid custodiet impossible custodes? Indeed.

kris says:

Catalyst

NSA using their power for economic espionage- in other words, politicians and bureaucrats helping their buddies in the petro-agri-war industry to deal their dirty business. Not surprising, really, since their money is all tied up in one big clusterf#@%.
Perhaps the media coverage of their dirtier business dealings will be what helps the world kick our fossil fuel dependence.

GEMont (profile) says:

Blackmail is a lovely business model for those who can wield the process successfully among the wealthiest members of society, because the victims never report the crime and the payoff is always extremely large.

By knowing the “extra-curicular” activities of CEOs, politicians, lawyers, high-ranking gangsters, presidents and kings, via communications interception, one can easily push one’s own agenda internationally, by simply NOT telling what you know, and making your “targets” aware of what you’re not telling.

For a government to indulge in this type of high-stakes extortion is especially effective, as the capital gained is unrecorded and can be used for other less-than-legal operations without fear of oversight, and the results of the process take place in the real world as if they were entirely natural.

It is the favourite passtime of Organized Crime, in all of its myriad legitimate disguises.

JohndoNym says:

Where is the evidence?

Where is the evidence in anything you wrote or the newspaper wrote that the NSA is engaged in economic spying, that is, spying on a company, an American economic competitor AND THEN handing the information gleaned to an American company so the American company can prevail, in bids, in contract negotiations, even employee recruitment or product development?

Because I looked for it in your story, but I saw no evidence of that at all.

It’s in the nature of spying that it can’t respect the artificial walls that divide one human-defined activity from another; they go where the spies are or could be without exception, subject only to judicial limitations (limitations which are being very poorly attended to, we all agree).

So far as I can tell, neither you nor Glen Greenwald nor Snowden have produced the smoking evidentiary gun which shows economic espionage has occurred here, except as you have defined it downward to mean- spying on business computers and networks.

This from a group of people who loudly decry trials during which flimsy charges with insufficient evidence are used to convict actually innocent people.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...