October 13, 2015
The Data Hackers
Posted on Oct 11, 2013
By Pratap Chatterjee, TomDispatch
The technologies these kinds of companies exploit often rely on software vulnerabilities. Hacking software can be installed from a USB drive, or delivered remotely by disguising it as an email attachment or software update. Once in place, an analyst can rifle through a target’s files, log every keystroke, and take pictures of the screen every second. For example, SS8 of Milpitas, California, sells software called Intellego that claims to allow government agencies to “see what [the targets] see, in real time” including “draft-only emails, attached files, pictures, and videos.” Such technology can also remotely turn on phone and computer microphones, as well as computer or cellphone cameras to spy on the target in real-time.
What the FBI does, however intrusive, is small potatoes compared to what the National Security Agency dreams of doing: getting and storing the data traffic not just of an entire nation, but of an entire planet. This became a tangible reality some two decades ago as the telecommunications industry began mass adoption of fiber-optic technology. This means that data is no longer transmitted as electrical signals along wires that were prone to interference and static, but as light beams.
Enter companies like Glimmerglass, yet another northern California outfit. In September 2002, Glimmerglass started to sell a newly patented product consisting of 210 tiny gold-coated mirrors mounted on microscopic hinges etched on to a single wafer of silicon. It can help transmit data as beams of light across the undersea fiber optic cables that carry an estimated 90% of trans-border telecommunications data. The advantage of this technology is that it is dirt cheap and—for the purposes of the intelligence agencies—the light beams can easily be copied with almost no noticeable loss in quality.
Square, Site wide
“With Glimmerglass Intelligent Optical Systems (IOS), any signal travelling over fiber can be redirected in milliseconds, without adversely affecting customer traffic,” says the company on its public website.
Glimmerglass does not deny that its equipment can be used by intelligence agencies to capture global Internet traffic. In fact, it assumes that this is probably happening. “We believe that our 3D MEMS technology—as used by governments and various agencies—is involved in the collection of intelligence from sensors, satellites, and undersea fiber systems,” Keith May, Glimmerglass’s director of business development, told the trade magazine Aviation Week in 2010. “We are deployed in several countries that are using it for lawful interception.”
In a confidential brochure, Glimmerglass has a series of graphics that, it claims, show just what its software is capable of. One displays a visual grid of the Facebook messages of a presumably fictional “John Smith.” His profile is linked to a number of other individuals (identified with images, user names, and IDs) via arrows indicating how often he connected to each of them. A second graphic shows a grid of phone calls made by a single individual that allows an operator to select and listen to audio of any of his specific conversations. Yet others display Glimmerglass software being used to monitor webmail and instant message chats.
“The challenge of managing information has become the challenge of managing the light,” says an announcer in a company video on their public website. “With Glimmerglass, customers have full control of massive flows of intelligence from the moment they access them.” This description mirrors technology described in documents provided by Edward Snowden to the Guardian newspaper.
Listening to phone calls, recording locations, and breaking into computers are just one part of the tool kit that the data-mining companies offer to U.S. (and other) intelligence agencies. Think of them as the data equivalents of oil and natural gas drilling companies that are ready to extract the underground riches that have been stashed over the years in strongboxes in our basements.
What government agencies really want, however, is not just the ability to mine, but to refine those riches into the data equivalent of high-octane fuel for their investigations in very much the way we organize our own data to conduct meaningful relationships, find restaurants, or discover new music on our phones and computers.
These technologies—variously called social network analysis or semantic analysis tools—are now being packaged by the surveillance industry as ways to expose potential threats that could come from surging online communities of protesters or anti-government activists. Take Raytheon, a major U.S. military manufacturer, which makes Sidewinder air-to-air missiles, Maverick air-to-ground missiles, Patriot surface-to-air missiles, and Tomahawk submarine-launched cruise missiles. Their latest product is a software package eerily named “Riot” that claims to be able to predict where individuals are likely to go next using technology that mines data from social networks like Facebook, Foursquare, and Twitter.
Raytheon’s Rapid Information Overlay Technology software—yes, that’s how they got the acronym Riot—extracts location data from photos and comments posted online by individuals and analyzes this information. The result is a variety of spider diagrams that purportedly will show where that individual is most likely to go next, what she likes to do, and whom she communicates with or is most likely to communicate with in the near future.
A 2010 video demonstration of the software was recently published online by the Guardian. In it, Brian Urch of Raytheon shows how Riot can be used to track “Nick”—a company employee—in order to predict the best time and place to steal his computer or put spy software on it. “Six a.m. appears to be the most frequently visited time at the gym,” says Urch. “So if you ever did want to try to get a hold of Nick—or maybe get a hold of his laptop—you might want to visit the gym at 6:00 a.m. on Monday.”
New and Improved Comments