from the flying-pigs dept
As more and more information about the NSA's global surveillance capabilities emerges through leaks of material obtained by Edward Snowden, the US authorities have been playing the terrorist card heavily. That is, they concede that they have been spying on pretty much everyone, but claim that it was only to fight terrorism, and thus to save lives. In particular, the NSA insists it is not spying on anyone for the purposes of industrial espionage -- here's what it wrote in an email to the Washington Post on the subject just a couple of weeks ago:
"The Department of Defense does engage" in computer network exploitation, according to an e-mailed statement from an NSA spokesman, whose agency is part of the Defense Department. "The department does ***not*** engage in economic espionage in any domain, including cyber."
Despite the screaming asterisks, like many other statements on the subject from the NSA, this one turns out to be untrue, as the Brazlian TV program "Fantastico" revealed on Sunday, drawing on new leaked documents provided by Glenn Greenwald, who lives in the country:
The internal computer network of Petrobras, the Brazilian oil giant partly owned by the state, has been under surveillance by the NSA, the National Security Agency of the United States.
The Fantastico article goes on to give more information about the attacks on the company's internal networks, and points out that Petrobras is hardly a terrorist organization:
a top secret presentation dated May 2012 is used by the NSA to train new agents step-by-step how to access and spy upon private computer networks -- the internal networks of companies, governments, financial institutions -- networks designed precisely to protect information.
The name of Petrobras -- Brazil's largest company -- appears right at the beginning, under the title: "MANY TARGETS USE PRIVATE NETWORKS."
The name of Petrobras appears on several slides, as the training goes deeper in explaining how data from the target companies is monitored.
The yearly profits of Petrobras are over 280 billion reais -- US$ 120 billion. More than the GDP of many countries. And there are plenty of motives for spies to want access to the company's protected network.
Here's one of them:
For example, the details of each lot in an auction [of oil drilling rights] set for next month: for exploration of the Libra Field, in the Bay of Santos, part of the Pre-salt. Whether the spies had access to this information is one of the questions the Brazilian government will have to put to the United States.
Once again, the NSA's rebuttal of these claims is weak and unconvincing:
Former Petrobras Director Roberto Villa considers this the greatest auction in the history of oil exploration. "It's a very peculiar auction. The auction of an area where we already know there's oil, there's no risk", he says. What no one else should know, Villa says, is which are the richest lots. "Petrobras knows. And I hope only they know." He considers that such information, if stolen, could give someone an advantage. "Someone would have an edge. If this information was leaked and someone else has obtained it, he would be in a privileged position at the auction. He'll know where to invest and where not to. It's a handy little secret."
It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.
Or, you know, it could provide US companies with insights about which were the best lots in the forthcoming auction of seabed areas for oil exploration, or about highly-specialized deep-sea oil extraction technology, in which Petrobas is a world leader. After all, why wouldn't the NSA drop some useful hints about such things to US companies as a way of justifying its huge budget?
We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries' economic policy or behavior which could affect global markets.
This latest attack on Brazil's flagship enterprise will make the country's already strained relationship with the US even more difficult. But the Fantastico story on the NSA program, which is apparently called "Royal Net", is about much more than those bilateral relations:
Besides Petrobras, e-mail and internet services provider Google's infrastructure is also listed as a target. The company, often named as collaborating with the NSA, is shown here as a victim.
There are also first details of other, hitherto unknown, spying programs and capabilities:
Other targets include French diplomats -- with access to the private network of the Ministry of Foreign Affairs of France -- and the SWIFT network, the cooperative that unites over ten thousand banks in 212 countries and provides communications that enable international financial transactions.
The NSA presentation contains documents prepared by the GCHQ -- the British Spy agency, from a country that appears as an ally of the United States in spying. The British agency shows how two spy programs operate. "Flying Pig" and "Hush Puppy" also monitor private networks which carry supposedly secure information. These networks are known as TLS/SSL.
This confirmation that man-in-the-middle attacks are used by the NSA to intercept data, along with detailed information about the high-level economic espionage that is going on, underlines why the Fantastico report is so important, and why it is well-worth reading in its entirety.
The presentation explains how data is intercepted, through an attack known as "Man in the Middle". In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing.