You’ve probably heard a lot about online mass surveillance, but maybe you’re wondering how exactly intelligence agencies are monitoring you.
Last month Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
The National Security Agency of the USA figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber security researchers and former operatives. Helpfully, they like to give their surveillance programmes silly codenames, so we can explain what’s going on. Here’s our top 10 NSA and GCHQ surveillance programmes, brought to you by Amnesty International and Privacy International.
Who? NSA & GCHQ
What? It intercepts user data as it passes between Google servers. Yahoo! was also said to be affected.
Why should I care? Between December 2012 and January 2013, MUSCULAR collected 181 million records. But Google have now strengthened security between their servers so it’s not all bad news.
What should I do? Try not to worry, it’s not like Google is the internet or anything.
9. OPTIC NERVE
Who? GCHQ with the help of NSA.
What? A program started in 2008, Optic Nerve allowed secret access to a Yahoo! webcam chats. In one six month period in 2008 it spied on 1.8 MILLION Yahoo! users and took one still image every five minutes of video per user. Between 3-11% of the images captured by Optic Nerve captured were sexually explicit “undesirable nudity”.
Why should I care? Well, if they've owned Yahoo! webcam chats, what other video apps can they break into?
What should I do? Smile for the camera!
What? Mystic spies on every single phone call made in five target countries. In the Philippines, Kenya and Mexico, Mystic ‘only’ records the metadata (who called who, when the call happened, for how long and the location of the call if it was made on a mobile). In Afghanistan and the Bahamas, it records the content of every call made and stores it for 30 days. That’s a combined population of 250 million people whose phone calls are being secretly monitored by the NSA.
Why should I care? This is basically the NSA conducting 24 hour-a-day surveillance on entire countries.
What should I do? Don’t be born in, live in, visit or call people in the Philippines, Kenya, Mexico, Afghanistan and the Bahamas.
7. OPERATION SOCIALIST
What? GCHQ targeted Belgacom, Belgium's largest telecommunications provider, with spyware called Regin, a malicious piece of software designed to break into Belgaom’s networks. The purpose of the GCHQ hack was to spy on phones and internet users using the Belgacom network.
Why should I care? The GCHQ attack means that anyone who used Belgacom’s networks could have been secretly spied on. This includes the European Commission, the European Parliament and the European Council. It potentially also allowed GCHQ to monitor communications transmitted between Belgacom and its international partners (the company had connections across Europe, the Middle East and North Africa).
What should I do? To be absolutely sure, avoid communications.
6. GEMALTO HACKING
Who? NSA and GCHQ
What? Gemalto is the largest SIM Card manufacturer in the world, producing two billion sim cards a year. It has 400 mobile network operator partners with 700 million subscribers. GCHQ attacked its network to steal the sim card encryption keys that protect conversations from being listened to. Gemalto said it detected attacks in 2010 and 2011 and repelled them.
Why should I care? When intelligence agencies break the locks on communications infrastructure like SIM cards, they don't just leave the doors open for government spying, they leave the doors open for identity thieves, hackers and organised criminals too. What should I do? 3 steps to ensure you and your calls are free from spying: 1. Hang up 2. Remove sim card from phone 3. Never use phone again.
What? According to leaked NSA slides, Prism allowed the NSA to compel companies – including Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple – to grant them access to users’ personal data on their servers. These internet companies store enormous quantities of personal information. For example, Google’s gmail service had 425 million active users worldwide in June 2012. Google’s search engine is also the most widely used in the world and it was estimated in 2012 that it processed over 5 billion search requests per day. Google by default collects and stores email and search data.
Why should I care? You know those embarrassing late night Facebook messages you send? The slightly dodgy YouTube videos you like to watch? The risqué Skype chats you have with your other half when they're travelling for work? Wonder who else is watching?
What should I do? Ummm, did we suggest not communicating already?
4. THE THREE SMURFS – Dreamy, Nosey and Tracker
What? Dreamy Smurf is a program that allows its user to activate a target's phone when it is apparently turned off. Nosey Smurf is a “hot mic” feature that turns on the microphone on a phone to listen in to conversations going on around it. Finally, Tracker Smurf can track your location and other accompanying tools can retrieve messages, e-mails, web history, call records, videos, address book, notes, calendar from your phone. Essentially, it it’s on your phone, they can get it.
Why Should I care? Your phone – the love of your life – has been turned against you. It's not just a time waster and a way to Instagram photos of your dinner – now it's a tracking device and microphone that you willingly carry around with you all the time.
What can I do? Do not stand, sit, run or fall near someone who owns a mobile phone.
Who? NSA and Australia, Canada, New Zealand and the UK have access to it. The Five countries call themselves the Five Eyes Alliance.
What? It’s an NSA search database for intercepted communications. XKeyscore is basically Google search for spies. Intelligence officers can find personal information in the database about anyone they like using search terms. Oh, and there is no need for a warrant to do this.
Why should I care? This is one giant database full of billions of people's emails, text messages and phone calls. How much worse can it get?
What can I do? Be careful what you search for, who you talk to, what you look at and what you say at all times. Spies are known to be paranoid.
AND THE JOINT WINNERS ARE:
1. UPSTREAM AND TEMPORA
Who? NSA and GCHQ
What? Undersea fibre optic cables carry 99% of the world’s communications. The NSA and GCHQ directly intercept cables connected to the US (through Upstream) and the UK (Tempora). These cables carry most of the word's communications, and a leaked slide from GCHQ expressly says they are intent on “Mastering the Internet”.
The ‘context’ of intercepted data (in other words, your emails and Facebook posts) are stored for at least three days and metadata (the websites you visited, who you emailed, when you sent your emails and the subject of your emails) are stored for 30 days. Tempora also intercepts telephone calls. GCHQ has set over 40,000 search terms and the NSA has set over 31,000 search terms which are used to determine which data should be extracted. That’s a lot of searches.