It had to happen: the technology behind the NSA’s PRISM system looks like it came from an Israeli company.
On Wednesday Steve Gibson’s Security Now podcast on the TWIT network put forward the most believable explanation of what the NSA PRISM program really is. All the following work is his, I’m just posting it here because he works in tweets and audio and this needs to be written down.
Working from testimony given in 2006 by a former employee of AT&T, Steve put forward the theory that PRISM is an NSA program to put a tap on specific points of the internet.
You don’t need (or want) to see or store all the transient traffic on the internet. What you want is the traffic to and from the most important sites. Sites like Google, Facebook and the others mentioned in all the press about PRISM. So what you do is you go to the box up the street from these big companies and you put the modern equivalent of a wire tap there, just outside their doors.
That’s why, when asked, all these companies vehemently denied that the NSA had direct access to their “servers”. That’s probably true. What they had was direct access to most of the stuff going in or out of their servers. And interestingly, this traffic is travelling on what is a public network. The status of the traffic here, public or private is not so clear.
The modern internet runs over high speed fibre optic connections: these are thin tubes of flexible glass down which light travels. If you remember your high school physics you might remember the way to split light: a prism.
You can also split a fibre optic signal with a prism: shine in one signal and take two out. Each of the two split beams will be half as strong, but that is not an issue. Effectively you’ve made a perfect copy of the flowing data.
The testimony from the AT&T employee gives details of a room, in the AT&T building in San Francisco, owned and operated only by the NSA. At the AT&T building they had a high speed connection to the rest of the domestic internet. Where that entered the building just such a prism was placed: one signal carried on to AT&T and the other went into the secret NSA room.
It would seem that the way the NSA set up their dragnet surveillance was to install just such secret NSA rooms in internet service companies all over the US and particularly in locations just outside the major web companies they chose to snoop data from.
Tonight Steve Gibson tweeted this link:
Which contains a link to a PDF document from a company called Narus. It’s Wikipedia description is:
Narus is a company, now a wholly owned subsidiary of Boeing, which provides real-time network traffic and analytics software with enterprise class spyware capabilities.[1][2] It was co-founded in Israel in 1997 by Ori Cohen, who had served as Vice President of Business and Technology Development for VDONet, an early media streaming pioneer, and Stas Khirman.[3]
So it was originally Israeli tech and it’s now a part of Boeing. Who moved to Obama’s home town of Chicago (but perhaps thats a coincidence).
The picture at the top of this post is from a brochure of a system that certainly looks like it could do the job of tapping the internet. It’s a picture of a prism splitting information for monitoring.
That’s the best explanation of how the NSA’s PRISM system operates I’ve heard.
And now for the slightly extraneous bit about freedoms and the unintended consequences of science and technology.
I’m reading a stunning book: In the Garden of Beasts: Love, Terror, and an American Family in Hitler’s Berlin. This book centres on the experiences of the US’s Ambassador to Germany in 1933. A Jew, Fritz Harber, came to see the ambassador. At one time he’d been a hero of Germany having invented the industrial process behind chlorine gas (and it’s weaponisation in WW1) and extracting nitrogen from the atmosphere (vital for fertiliser and gunpowder). As a Jew, in 1933, he had been thrown out of his university and was desperately seeking help.
No matter what he’d done for Germany he was now an enemy of the state. He received no help from the US, managed to flee to England but his health failed him and he died soon after. Perhaps it was a blessing as he never lived to see what the Nazis did with another of his inventions: his insecticide for fumigating grain stores was first called Zyklon A. It was transformed by the Nazis into the infamous Zyklon B.
Tyranny comes creeping. Little baby steps of lost liberty until eventually ….
