AT&T helped NSA Spy on Domestic Citizens

Uploaded on 2015-09-30 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

The relationship between AT&T and the NSA is said to be "highly collaborative," thanks to the company's "extreme willingness to help."

Newly published document, provided by Edward Snowden in 2013, show the US cellular and telecom giant was in cahoots with the intelligence agency as far back as 1985, a relationship that later intensified following the September 11 terrorist attacks.

More than two years after the first document was published by reporters, we're now venturing into the portion of the documents disclosed by Snowden that are highly likely and previously suspected, but now finally confirmed.
NSA is codename heavy. It's for a reason: it mitigates damage in case of information leaks. It's long been suspected that US telcos, large and small, have on some level "cooperated" with the NSA, whether willingly or otherwise. There are dozens of codenames for different companies, and collections and programs under which that collected data is filtered and stored.

One of the larger programs is Fairview, which reporters are now saying it can be no other than AT&T, based on new evidence that's come to light. Former NSA whistleblower William Binney claims  that "Fairview" was AT&T, and "Stormbrew" was Verizon. Another one of these programs, "Oakstar," collects data from companies in eight countries that are not part of the Five Eyes coalition. Binney left the agency in 2001.

Some of these codenames are considered "sensitive compartmented information," meaning even some NSA officials aren't sure who's who. The NSA's partners or collaborators in the private sector is a huge state secret.
From the report, AT&T "provided technical assistance in carrying out a secret court order permitting the wiretapping of all Internet communications at the United Nations headquarters," which is a customer of AT&T.
 
It's not news that the UN, home of the world's governments, were targets for US spies. But how the spying happened is remarkable -- and also quite boring. Previous reports said NSA spies "bugged" the UN headquarters in New York, cracking encryption and coding systems and infiltrating the video-conferencing systems. Other reports also said UN secretary-general Ban Ki-moon's talking points were also grabbed from an email message through the Blarney email-grabbing program.
How was it done? By targeting the cable flowing in and out of the UN's building. It's a surprisingly easy effort with AT&T's help.

In the first few months after the NSA started collecting on AT&T's networks, the agency took in "400 billion internet metadata records," such as who people were talking to but not what was said.
The Fairview program also started sending back "more than one million emails a day to the keyword selection system" at NSA headquarters in Fort Meade, MD.

By 2011, AT&T began handing "over 1.1 billion domestic cellphone calling records," just months before the tenth anniversary of the September 11 attacks. By 2013, the program was "processing 60 million foreign-to-foreign emails a day" that were flowing over AT&T's domestic network.
"This is a partnership, not a contractual relationship," says one of the documents, referring to the AT&T-NSA relationship as one that's cooperative rather than obligatory.

Playing devil's advocate, telecoms face far greater and stricter regulation than software firms and technology companies. AT&T isn't allowed to comment. In any case, there will very likely be another side to this. We know Verizon was forced to hand over its domestic records, because a court order from the Foreign Intelligence Surveillance Court, the court that authorizes the government's spying, showed that. No released documents have shown AT&T was forced to hand over data. 
ZDNet: http://zd.net/1hajMVK

 

 

« Cyberwar Right Here, Right Now...
UN Calls On Social Media to Act Against ‘Misuse’ by Extremists »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Kaspersky Lab

Kaspersky Lab

Kaspersky Lab is one of the world’s largest privately held vendors of endpoint cybersecurity solutions.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

CERT.hr

CERT.hr

CERT.hr is the national authority competent for prevention and protection from computer threats to public information systems in the Republic of Croatia.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

Napatech

Napatech

Napatech develops and manufactures high speed network accelerators specifically designed for real-time network monitoring and analysis applications.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Bolt Learning

Bolt Learning

Bolt's Cyber Security eLearning module provides users with an in-depth understanding of cybercrime, how it can occur and what everyone can contribute to preventing it.

Istari

Istari

ISTARI is a new kind of cyber risk management company. We’re an agile collective of best-in-class capabilities and experts, who build ongoing partnerships with clients.

Open Web Application Security Project (OWASP)

Open Web Application Security Project (OWASP)

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.

Borwell

Borwell

Borwell delivers software and IT solutions to the UK MoD and to UK Government departments, which are secure by design.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.