BelchSpeak

I can't believe that came from your mouth!


Is the Prism Program Actually Connected to Business Servers?

Drudge revealed this shocking PowerPoint slide today. It is labeled Top Secret/NOFORN, which means that only cleared personnel of American origin can see its contents. It details the PRISM program, which boasts of being able to deliver the meta and contents of many internet communication types: Gmail, Hotmail, Skype, videoconferencing, photostreams, Yahoo Mail and much more. Companies like Google and Apple have flatly denied that they have granted access to the NSA for these collection activities. So what’s the deal? Did the NSA backdoor these companies’ servers? Or are they achieving their goals via a different method?

[Image: PRISM slide crop]

From the Guardian here, which, by the way, is another foreign news organization that has managed to scoop Obama’s bootlicking media sycophants:

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called PRISM, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers.

Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data.”

Several senior tech executives insisted that they had no knowledge of PRISM or of any similar scheme. They said they would never have been involved in such a program. “If they are doing this, they are doing it without our knowledge,” one said.

An Apple spokesman said it had “never heard” of PRISM.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.

To me, this presentation smacks of a sales pitch by a contractor. I think the capabilities are over-hyped and there is literally no way that the NSA can backdoor so many of these major internet providers, collect data over the providers’ network without their knowledge, and exfiltrate logs, content and meta back to Fort Meade. But they can still get all of this content without backdooring a single server.

Let me explain. Each of the major providers listed in the presentation does have something in common. Each uses Akamai as a content distribution network. Pushing your content to Akamai instead of hosting it on a single server allows for geographically load balanced content. That’s why you can’t DDoS Yahoo. Their servers are everywhere, serving the same content. You might be able to take down a single point, but the others stay up, thus the service stays up. Same with Gmail, Hotmail, and Apple.

In order to scrape all of this data, you could access Akamai’s logs for meta. Akamai’s top executive was murdered on 9/11 when the plane he was on was smashed into the Pentagon by dirtbag jihadis. Akamai has long had a good working relationship with DoD, DHS, and other security departments since then, and to me, I think this is very patriotic of them. But notice I said LOGS. You can’t get photos, videos and other content streams with logs. You need to intercept the packet streams. Then reassemble the packets into the content you are looking for.
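The reassembly step described above, as an added example that is not part of the original post: a minimal one-direction TCP stream reassembler of the kind network-forensics tools apply to a packet capture, run over constructed segments. The names `reassemble` and `seg`, the sample request and the sequence numbers are assumptions made for illustration.

```python
MASK = 0xFFFFFFFF          # TCP sequence numbers are 32-bit and wrap around
ISN = 0xFFFFFFF0           # constructed initial sequence number, near the wrap point
STREAM = b"GET /photo.jpg HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed payload


def seg(start, end):
    """Build one constructed segment: (sequence number, payload bytes)."""
    return ((ISN + 1 + start) & MASK, STREAM[start:end])


# Constructed capture: out of order, one overlapping segment, one duplicate.
CAPTURE = [seg(20, 35), seg(0, 12), seg(8, 20), seg(35, 47), seg(0, 12)]
# Same flow with the middle segments lost at the capture point.
LOSSY = [seg(35, 47), seg(0, 12)]


def reassemble(segments, isn):
    """Return (stream, gaps); gaps lists (offset, length) ranges never captured."""
    first = (isn + 1) & MASK  # the SYN consumes one sequence number
    # Offsets relative to the first data byte; the modulo handles wraparound.
    # Assumes the stream is under 4 GiB and no segment precedes `first`.
    ordered = sorted(((seq - first) & MASK, data) for seq, data in segments)
    out, gaps = bytearray(), []
    for off, data in ordered:
        if off > len(out):                      # hole: bytes the capture missed
            gaps.append((len(out), off - len(out)))
            out.extend(b"\x00" * (off - len(out)))
        out.extend(data[len(out) - off:])       # keep only bytes not already held
    return bytes(out), gaps


if __name__ == "__main__":
    print(reassemble(CAPTURE, ISN))
    print(reassemble(LOSSY, ISN))
```

The gap list matters in practice: any segment dropped at the capture point leaves a hole that a content parser has to tolerate or reject.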

So I think the NSA has tapped into the core routers at the major content distribution networks: Akamai, FBCDN (Facebook’s content delivery network), and other similar CDNs. Once tapped they can see all of the traffic going in and out.

PRISM would face some other huge challenges, however, which makes me think this presentation is over-hyped. Packet storage would be vast, and would have to be located at the capture point; they can’t stream that much payload back to Fort Meade. Also, SSL decryption would be a challenge. In order to get data from Google, they would have to have been given signed CERTS from Google to allow them to intercept and decode the SSL traffic as man-in-the-middle. It is likely that NSA simply purchased these.

As far as the progression of the capability as presented on the slide over at Guardian, to me this represents the times when the contractors were able to write reassembly parsers for the targeted content. Hotmail, Gmail, and more until Skype came along. The Skype parser likely also relied on a signed cert from Microsoft after their buyout of the popular encrypted chat program a few years back.

Finally, regardless of all of this collection capability, the biggest hurdle would be eyes on glass to hunt and identify what they are looking for. This is a massive data set and you would likely have to be given a target to look at to begin your investigation. In other words, ask PRISM a question and it will help you find the answer. But to just start digging into the system to hope you find something will be time-wasting and fruitless. And remember, the government missed all of the clues to the Boston Bomber’s ties to terrorism, and PRISM did nothing to prevent it.

Dr. Jones

Do not talk about fight club. Oops.

2 thoughts on “Is the Prism Program Actually Connected to Business Servers?”

  • Ed Phillips

    That’s why I don’t think the panic over this “data mining” thing is about a national security apparatus gone ape-shit. What if the government wanted to sell this communications database to marketers for the purposes of directed advertising? I’m sure the marketers would pay handsomely for the tendencies, as revealed by comm. patterns, of every consumer in the US.

  • It’s about espionage, guess we have a different understanding of law here in Europe, Ed.
