updated 02:50 pm EDT, Wed August 13, 2014
Two-day Syrian Internet blackout blamed on failed NSA hack
The National Security Agency (NSA) was behind the two-day Internet blackout of Syria in 2012, claims whistleblower Edward Snowden. Snowden's accusation, made alongside claims that the NSA is working on an automated malware killer, comes at the same time as a separate report that appears to show the NSA collected far more information than was legally allowed.
In a profile published by Wired, Snowden claims the NSA's Tailored Access Office (TAO) was attempting to take advantage of a vulnerability on a router owned by a "major Internet service provider in Syria," with a successful exploit allowing the NSA to monitor traffic more closely. The TAO failed, instead causing the router to break, and in turn effectively cutting off the country's Internet.
The team tried to repair the damage, something it evidently could not do, and instead attempted to remove all trace of its presence, with one team member jokingly stating, "If we get caught, we can always point the finger at Israel." Though limited to the Syria incident, Snowden's claim that the NSA broke a high-traffic router for a major ISP in the country and then removed all evidence may cause NSA critics to point the finger at the agency for other online incidents in the future.
In another part of the interview, Snowden mentioned another NSA project, this time for protection rather than spying. MonsterMind is said to be an automated cyberattack scouting tool that would detect attacks based on traffic patterns and then block them. Though similar to existing tools, MonsterMind would take things further by automatically retaliating against the source of the attack. Snowden suggested the tool is a hazard, as it could potentially attack the wrong target.
"These attacks can be spoofed. You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital," said Snowden of the attack redirect. "What happens next?"
Snowden also points out that for MonsterMind to be effective, it would require a massive breach of privacy, as it would need to secretly monitor communications between people located in the US and elsewhere. "The argument is that the only way we can identify these malicious traffic flows and respond to them is if we're analyzing all traffic flows," advised Snowden, claiming it would mean a violation of the Fourth Amendment and the warrantless seizure of private communications.
Recently declassified documents, appearing on the Office of the Director of National Intelligence's Tumblr account and spotted by The Register, show the NSA collected more data than it was supposed to under a now-ended collection program. One document, detailing a renewal request by the NSA to the Foreign Intelligence Surveillance Court (FISC) for the use of "pen register and trap and trace (PR/TT)" devices, notes that the "government acknowledges that NSA exceeded the scope of authorized acquisition continuously" over the multi-year order period.
The document also notes frequent issues regarding over-collection and the disclosure of collected data to agencies outside what FISC ordered. In one instance, the NSA opted to eliminate the entire database of collected information and start collecting data from scratch again, rather than sorting through what it had already collected and removing non-compliant data.
At one point, FISC dimly notes, "Given the duration of this problem, the oversight measures ostensibly taken since [redacted] to detect overcollection, and the extraordinary fact that NSA's end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired, it must be added that those responsible for conducting oversight at NSA failed to do so effectively."