AT&T helped NSA Spy on Domestic Citizens

The relationship between AT&T and the NSA is said to be "highly collaborative," thanks to the company's "extreme willingness to help."

Newly published document, provided by Edward Snowden in 2013, show the US cellular and telecom giant was in cahoots with the intelligence agency as far back as 1985, a relationship that later intensified following the September 11 terrorist attacks.

More than two years after the first document was published by reporters, we're now venturing into the portion of the documents disclosed by Snowden that are highly likely and previously suspected, but now finally confirmed.
NSA is codename heavy. It's for a reason: it mitigates damage in case of information leaks. It's long been suspected that US telcos, large and small, have on some level "cooperated" with the NSA, whether willingly or otherwise. There are dozens of codenames for different companies, and collections and programs under which that collected data is filtered and stored.

One of the larger programs is Fairview, which reporters are now saying it can be no other than AT&T, based on new evidence that's come to light. Former NSA whistleblower William Binney claims  that "Fairview" was AT&T, and "Stormbrew" was Verizon. Another one of these programs, "Oakstar," collects data from companies in eight countries that are not part of the Five Eyes coalition. Binney left the agency in 2001.

Some of these codenames are considered "sensitive compartmented information," meaning even some NSA officials aren't sure who's who. The NSA's partners or collaborators in the private sector is a huge state secret.
From the report, AT&T "provided technical assistance in carrying out a secret court order permitting the wiretapping of all Internet communications at the United Nations headquarters," which is a customer of AT&T.
 
It's not news that the UN, home of the world's governments, were targets for US spies. But how the spying happened is remarkable -- and also quite boring. Previous reports said NSA spies "bugged" the UN headquarters in New York, cracking encryption and coding systems and infiltrating the video-conferencing systems. Other reports also said UN secretary-general Ban Ki-moon's talking points were also grabbed from an email message through the Blarney email-grabbing program.
How was it done? By targeting the cable flowing in and out of the UN's building. It's a surprisingly easy effort with AT&T's help.

In the first few months after the NSA started collecting on AT&T's networks, the agency took in "400 billion internet metadata records," such as who people were talking to but not what was said.
The Fairview program also started sending back "more than one million emails a day to the keyword selection system" at NSA headquarters in Fort Meade, MD.

By 2011, AT&T began handing "over 1.1 billion domestic cellphone calling records," just months before the tenth anniversary of the September 11 attacks. By 2013, the program was "processing 60 million foreign-to-foreign emails a day" that were flowing over AT&T's domestic network.
"This is a partnership, not a contractual relationship," says one of the documents, referring to the AT&T-NSA relationship as one that's cooperative rather than obligatory.

Playing devil's advocate, telecoms face far greater and stricter regulation than software firms and technology companies. AT&T isn't allowed to comment. In any case, there will very likely be another side to this. We know Verizon was forced to hand over its domestic records, because a court order from the Foreign Intelligence Surveillance Court, the court that authorizes the government's spying, showed that. No released documents have shown AT&T was forced to hand over data. 
ZDNet: http://zd.net/1hajMVK

 

 

« Cyberwar Right Here, Right Now...
UN Calls On Social Media to Act Against ‘Misuse’ by Extremists »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

Verisec International

Verisec International

Verisec International AB is a Swedish Tech company focused since inception in enabling Trust in Digital Transactions, through the development of proprietary cutting-edge technologies and services.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

Center for Internet Security (CIS)

Center for Internet Security (CIS)

CIS is a nonprofit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.

National Information Technology Development Agency (NITDA) - Nigeria

National Information Technology Development Agency (NITDA) - Nigeria

The National Information Technology Development Agency (NITDA) is committed to implementing the Nigerian National Information Technology Policy.

Jumio

Jumio

Jumio’s end-to-end identity verification and authentication solutions fight fraud, maintain compliance and onboard good customers faster.

In-Sec-M

In-Sec-M

In-Sec-M is a non-profit organization that brings together companies, learning and research institutions, and government actors to increase competitiveness of the Canadian cybersecurity industry.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Siege Technologies

Siege Technologies

Siege Technologies is a pioneer of multi-purpose cybersecurity products and services that enable customers to leverage both offensive and defensive technologies.

BT Security

BT Security

BT provides telecommunications and network infrastructure services to keep businesses around the world connected and secure.

PyNet Labs

PyNet Labs

PyNet Labs is a Training Company serving corporates as well as individuals across the world with ever-changing IT and technology training.

Lodestone

Lodestone

Lodestone partners with clients to help them mitigate business and reputational risk, through our human-based, approach to cyber security, digital forensics and incident response.

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Walacor

Walacor

Walacor’s secure data platform represents the next generation of secure data and blockchain storage with a trust-first approach that revolutionizes enterprise data, and database management systems.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).