Released Snowden Doc Shows NSA Thwarting Electronic Dead Drops By Using Email Metadata
from the 'just-metadata'-strikes-again dept
The latest batch of Snowden docs published at The Intercept cover a lot of ground. The internal informational sheets from the Signals Intelligence Directorate include info on a host of surveillance programs that haven’t been revealed by previous document dumps. Nor do they discuss the programs in full. As such, some of the information is limited.
One of those published last week mentions the NSA’s targeting of internet cafes in Iraq and other Middle Eastern countries using a program called MASTERSHAKE. Using MASTERSHAKE, analysts were apparently able to drill down location info to which target was sitting in which chair at the cafes under surveillance.
Further down the page [PDF], past this brief mention of a program discussed more fully elsewhere, there’s another interesting tidbit. Apparently, the NSA can suss out electronic dead drops using harvested metadata. (h/t Electrospaces)
[REDACTED] will be briefing on THERAPYCHEATER. This is a system that uses metadata analysis to detect and exploit the communication patterns of targets about whom the SIGINT system has no specific a priori knowledge. By identifying suspicious patterns in the access to draft folders of webmail accounts, THERAPYCHEATER will identify email addresses potentially being used in a form of covert communication known as a cyber dead drop. There are numerous examples in both SIGINT and collateral of terrorists using cyber dead drops to communicate operational information and plans.
Apparently, the tried-and-true surveillance workaround is no longer a secure option. One way to avoid surveillance of communications was to simply not communicate. Composing drafts in a shared email account was one to talk to others without risking interception.
As the paragraph states, this draft folder metadata is used to acquire new surveillance targets, based almost solely on the analyst’s impression of account activity. Presumably from here, the NSA can move on to seeking access to the actual account to see what’s hiding inside that’s never been sent. Or, at the very least, keep an eye on traffic to and from the email account.
This was written in 2005 so access to email account metadata may be more limited, thanks to routine encryption. However, the metadata here refers to activity taking place within an account, suggesting the NSA does (or at least did) have access to certain types of account activity, rather than simply gathering metadata related to web-traversing communications.