The NSA's Weird Interest In File Sharing Programs

from the National-Sharing-Agency dept

Another large Snowden document dump from The Intercept uncovers many more off-brand uses of NSA surveillance tools. The pile of documents come from the NSA's "SID (Signals Intelligence Directorate) Today" files, of which there are apparently thousands of available pages. The documents released late last week show that if it happened online, the NSA was looking at it.

According to documents provided by NSA whistleblower Edward Snowden, the spy agency formed a research group dedicated to studying peer-to-peer, or P2P, internet traffic. NSA didn’t care about violations of copyright law, according to a 2005 article on one of the agency’s internal news sites, SIDtoday. It was trying to determine if it could find valuable intelligence by monitoring such activity.

But it appears the NSA found very little worth observing.

“By searching our collection databases, it is clear that many targets are using popular file sharing applications,” a researcher from NSA’s File-Sharing Analysis and Vulnerability Assessment Pod wrote in a SIDtoday article. “But if they are merely sharing the latest release of their favorite pop star, this traffic is of dubious value (no offense to Britney Spears intended).”

The info in the SID Today publication [PDF] is a bit dated, as it shows BitTorrent trailing applications like eDonkey and KaZaa. Even though it was mostly popular albums traversing the internet pipes, the NSA still formed a File-sharing Analysis and Vulnerability Assessment (FAVA) "pod" to poke away at the infrastructure and search the shared files for data of national security interest. To do this, it had to strip away the layers of protection lying between the NSA and the contents of the files.

As many of these applications, such as KaZaA for example, encrypt their traffic, we first had to decrypt the traffic before we could begin to parse the messages. We have developed the capability to decrypt and decode both KaZaA and eDonkey traffic to determine which files are being shared, and what queries are being performed.

Breaking the encryption allowed the NSA to peer into users' computers via their shared folders, as well as harvest email addresses, country codes, user names, and lists of recent searches.

Even so, there was little actual intelligence to be gathered from the most popular file sharing applications of a decade ago. But that laid the groundwork for further examination of file sharing for national security reasons. A program called GRIMPLATE tracked BitTorrent use by Defense Dept. employees, checking to see if any of the swarms travelling in and out of the DoD's safe spaces was "malicious" -- a definition that presumably covers DoD employee exfiltration of sensitive files as well as possibly-harmful programs being downloaded to DoD computers.

Over in the UK, GCHQ was taking much more proactive steps toward turning torrent traffic into both a weapon and a source of intel.

The page describes DIRTY RAT, a GCHQ web application used by analysts that at the time had “the capability to identify users sharing/downloading files of interest on the eMule (Kademlia) and BitTorrent networks. … For example, we can report on who (IP address and user ID) is sharing files with ‘jihad’ in the filename on eMule. If there is a new publication of an extremist magazine then we can report who is sharing that unique file on the eMule and BitTorrent networks.”

The RAT was also tasked with gathering info to be shared with law enforcement. Child porn is name-checked in the document, as are the London Metro Police and FBI. But GCHQ wasn't interested in merely collecting info on users sharing illicit content. It also wanted to use the sharing platforms for malware delivery.

A tool called PLAGUE RAT “has the capability to alter the search results of eMule and deliver tailored content to a target,” the wiki article states. “This capability has been tested successfully on the Internet against ourselves and testing against a real target is being pursued.”

File sharing hasn't gone away, so it's indisputable both agencies are still eyeballing BitTorrent traffic. Considering a number of exfiltrated docs/software have been shared via the service, there are probably files of national security interest circulating along with movies, music, and games.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 20 Sep 2017 @ 5:15am

    “But if they are merely sharing the latest release of their favorite pop star, this traffic is of dubious value (no offense to Britney Spears intended).”

    Is "pop star" a new codename for "porn"? Because really, they must have bumped into tons of porn :D

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Sep 2017 @ 6:49am

    So the NSA is allowed to decrypt encoded traffic across P2P services, but if I change the hard drive in my original XBOX I'm in violation of like 700 copyright and piracy laws. Got it.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2017 @ 8:39am

      Re:

      They are operating outside of the law and now have access to sufficient blackmail material to ensure that they are never subject to the laws, no matter who comes into power.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 20 Sep 2017 @ 10:35am

        Re: Re:

        That never prevented anyone from figuring out who these "seemingly" untouchable idiots are and seeing to it they never wake up the following day (via millions of methods). Why do you think they really get mad when patriots like Snowden release information about them, exposing them for who they really are -- including who they are?

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2017 @ 8:39am

      Re:

      They are operating outside of the law and now have access to sufficient blackmail material to ensure that they are never subject to the laws, no matter who comes into power.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2017 @ 5:48pm

      Re:

      You basically summed up MyNameHere in a nutshell.

      reply to this | link to this | view in chronology ]

  • icon
    amoshias (profile), 20 Sep 2017 @ 7:05am

    I definitely do not get the title of this piece. When I opened it up, I thought that the idea that they might be interested in file-sharing wasn't particularly weird at all... And then you went on to lay out all of the excellent arguments in favor, one at a time. What is weird about their interest?

    reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 20 Sep 2017 @ 7:11am

      Re:

      I guess it's weird they kept monitoring things after they found out nothing useful?

      reply to this | link to this | view in chronology ]

      • icon
        Riccardo Cabeza (profile), 20 Sep 2017 @ 8:50am

        more haystacks must be built!

        In August 2013, a report by Reuters revealed that the Special Operations Division (SOD) of the U.S. Drug Enforcement Administration advises DEA agents to practice parallel construction when creating criminal cases against Americans that are based on NSA warrantless surveillance.[1] The use of illegally obtained evidence is generally inadmissible under the fruit of the poisonous tree doctrine.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 20 Sep 2017 @ 10:42am

          Re: more haystacks must be built!

          Which is exactly why patriots use their own form of "parallel construction" to get this information into the public so it sees the light of day anyway, regardless of the fact that courts are in cahoots with the coverts.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2017 @ 10:53am

      Re:

      Yeah, it's not that weird. If I were working for the NSA, I'd try to turn "monitoring file-sharing networks" into paid work too. Right now I'm doing it for free like a sucker.

      reply to this | link to this | view in chronology ]

    • identicon
      Wendy Cockcroft, 21 Sep 2017 @ 5:41am

      Re: Weird about their interest

      Do a search here on TD on "Kim Dotcom."

      Now ask why the NSA is interested in an alleged copyright infringer. That is flippin' weird.

      reply to this | link to this | view in chronology ]

  • identicon
    someoneinnorthms, 20 Sep 2017 @ 7:18am

    It's probably weird that they search all these computers all across the world without the slightest shred of probable cause or articulable suspicion to believe that crime is occurring.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2017 @ 7:31am

      Re:

      It depends on how they are searching, for example setting up a DHT database like Magnetico isn't illegal and the people using the torrent programs are basically saying "here's the file I'm looking for, do you have it?"
      Source code: https://github.com/boramalper/magnetico

      Gnutella had a similiar concept to DHT with queries going to neighbor nodes and responses coming from UltraPeers? It's been awhile since I looked at it.

      reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 20 Sep 2017 @ 12:40pm

      Re:

      It's probably weird that they search all these computers all across the world without the slightest shred of probable cause or articulable suspicion to believe that crime is occurring.

      The NSA is not a law enforcement agency; they have no interest in policing crime.

      reply to this | link to this | view in chronology ]

      • identicon
        someoneinnorthms, 20 Sep 2017 @ 1:27pm

        Re: Re:

        Ahhh, the old "I don't have to follow the Constitution because I'm not engaged in law enforcement" defense.

        I honestly thought the Fourth Amendment said something like, "The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated . . . ." But, what do I know?

        reply to this | link to this | view in chronology ]

        • icon
          nasch (profile), 20 Sep 2017 @ 6:32pm

          Re: Re: Re:

          I didn't mean what they're doing is legal (I don't know), just that they aren't doing it in search of crime.

          reply to this | link to this | view in chronology ]

          • identicon
            someoneinnorthms, 21 Sep 2017 @ 12:16pm

            Re: Re: Re: Re:

            That doesn't make a whit of difference. If the Central Government is violating the Fourth Amendment (regardless of the purpose of their actions while violating it), then they are acting unconstitutionally. Of course, the next question is: what is the remedy? That's where your observation comes in. Exclusion of illegally-obtained evidence. Or perhaps money damages, if one can demonstrate particularized injury. It's a crying shame that they can effectively "get away" with unconstitutional behavior merely because it is so pervasive.

            reply to this | link to this | view in chronology ]

            • icon
              nasch (profile), 21 Sep 2017 @ 1:20pm

              Re: Re: Re: Re: Re:

              You might be missing my point. Just in case: not saying it's constitutional. Your original comment seemed to indicate surprise (outrage, whatever) at one of these factors:

              - that the NSA is doing something unconstitutional
              - that the NSA is searching for information despite not having any reason to believe there was a crime committed

              In case it was the second one, I was just mentioning that the NSA has no interest in crime, and that's not why they do anything that they do. My comment had nothing to do with the first one.

              Now it's possible I'm wrong, and they're very interested in crime so they can share stuff with the FBI and whatnot, but my impression is they just do that if they happen to come across things and it's not really their purpose. But of course I don't have any inside information, I'm just going from what I see in the news.

              reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    kabir64, 20 Sep 2017 @ 7:42am

    i phone 7 plus

    get i phone 7 plus free

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Sep 2017 @ 9:25am

    the weird thing surely is how the NSA, as with other US security services, does EXACTLY what the entertainments industries tells it to do! it's more concerned with doing that rather than going out and catching real criminals and proving guilt over real crimes!! shows the influence these industries have and it has been enhanced since Trump became President! every businesses ally, every ordinary persons nemesis!!

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 20 Sep 2017 @ 12:43pm

      Re:

      the weird thing surely is how the NSA, as with other US security services, does EXACTLY what the entertainments industries tells it to do!

      The executive branch is in general in bed with the entertainment industry. But in this particular case... "NSA didn’t care about violations of copyright law".

      reply to this | link to this | view in chronology ]

  • identicon
    ANON, 20 Sep 2017 @ 11:52am

    So what?

    >It's probably weird that they search all these computers all across the world without the slightest shred of probable cause or articulable suspicion to believe that crime is occurring.

    I'm sure when they obtain secrets from foreign governments, that's espionage, treason, and a dozen other offenses in those countries, and they did not get warrants there either. Really, what's the surprise. An agency that tracks every phone call they can get their hands on, on the off chance that a few might be of interest - why would they not also track file exchanges?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 20 Sep 2017 @ 12:11pm

      Re: So what?

      However, collecting all this data means that they drown in data, and are as surprised as anybody else when an attack takes place. But, afterwards they can locate the information that should have allowed them to foil it.

      reply to this | link to this | view in chronology ]

  • identicon
    Oliva, 20 Sep 2017 @ 3:00pm

    Privacy

    This is news why? NSA have been peeping for years. Get you a batchat, binfer, vpn, and cold wallet and move to estonia. AM I RIGHT?!

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.