Report: NSA Expanded Internet Spying
One Expert Says Program Seeks Info on Malware, Not People
The National Security Agency secretly expanded its warrantless surveillance of Americans' international Internet traffic to seek evidence of malicious computer hacking, according to documents leaked by former NSA contractor Edward Snowden, ProPublica and The New York Times report.
Two secret Justice Department memos, written in mid-2012, deemed as legal the search of Internet communications, without warrants and on American soil, for data linked to computer intrusions emanating from abroad, including traffic that flows to suspicious Internet addresses or contains malware, the publications reported on June 4, citing the Snowden documents leaked two years ago.
The Justice Department allowed the agency to monitor only addresses and "cyber-signatures" - patterns associated with computer intrusions - which it could tie to foreign governments, according to the news reports. But the leaked documents also note that the NSA sought to target hackers even when it could not establish any links to foreign powers.
Packets, Not People?
Martin Libicki, a national security and information technology scholar at the Rand Corp., a think tank, says the NSA program, as described in the news reports, seems to be focused on searching for malware by applying a version of the Department of Homeland Security's Einstein intrusion prevention system. "In other words," he says, "this isn't about people but packets."
The disclosure about the expansion of the Internet traffic surveillance comes days after the Senate passed and President Obama signed the USA Freedom Act, which ended the unrelated NSA program to collect in bulk metadata of Americans' phone calls (see President Obama Signs USA Freedom Act). The Obama and Bush administrations justified the phone records bulk collection program on a provision in the Patriot Act, which expired June 1. The administration says it bases the Internet surveillance program on another law, the Foreign Intelligence Surveillance Act.
Before the vote on the USA Freedom Act, Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., offered an amendment to that measure to prohibit the government from conducting warrantless reviews of Americans' email and other communications under section 702 of the Foreign Intelligence Surveillance Act. However, the amendment never came up for a vote.
Seeking 'Reasonable Limits'
The Senate sponsor of the USA Freedom Act, Democrat Patrick Leahy of Vermont, says news of the expansion of warrantless surveillance of Internet traffic underscores the critical importance of placing "reasonable and common sense limits" on government surveillance to protect the privacy of Americans, saying Congress should enact more reforms. "Congress should have an open, transparent and honest debate about how to protect both our national security and our privacy," Leahy says.
At the daily White House briefing, spokesman Josh Earnest wouldn't provide details about the "covert government" program but said President Obama remains vigilant about an "ever-evolving" cyberthreat that's increasing in frequency, scale, sophistication and severity, a point also made by Brian Hale, spokesman for the Office of the Director for National Intelligence.
"Against that backdrop, it should come as no surprise that the U.S. government gathers intelligence on foreign powers that attempt to penetrate U.S. networks and steal the private information of U.S. citizens and companies," Hale says. "These operations play a critical role in protecting U.S. networks from disruptive, and even destructive, cyberthreats."
The NSA issued a statement saying its Internet surveillance programs are legal. "All of NSA's activities revolve around its lawful foreign intelligence mandate," the NSA statement says. "That mandate - to find foreign intelligence information necessary to protect our citizens and allies - influences not only the way NSA accesses data, but also the way NSA controls and processes it. Analysts must complete detailed, extensive training before accessing foreign intelligence databases."