AT&T helped NSA Spy on Domestic Citizens

The relationship between AT&T and the NSA is said to be "highly collaborative," thanks to the company's "extreme willingness to help."

Newly published document, provided by Edward Snowden in 2013, show the US cellular and telecom giant was in cahoots with the intelligence agency as far back as 1985, a relationship that later intensified following the September 11 terrorist attacks.

More than two years after the first document was published by reporters, we're now venturing into the portion of the documents disclosed by Snowden that are highly likely and previously suspected, but now finally confirmed.
NSA is codename heavy. It's for a reason: it mitigates damage in case of information leaks. It's long been suspected that US telcos, large and small, have on some level "cooperated" with the NSA, whether willingly or otherwise. There are dozens of codenames for different companies, and collections and programs under which that collected data is filtered and stored.

One of the larger programs is Fairview, which reporters are now saying it can be no other than AT&T, based on new evidence that's come to light. Former NSA whistleblower William Binney claims  that "Fairview" was AT&T, and "Stormbrew" was Verizon. Another one of these programs, "Oakstar," collects data from companies in eight countries that are not part of the Five Eyes coalition. Binney left the agency in 2001.

Some of these codenames are considered "sensitive compartmented information," meaning even some NSA officials aren't sure who's who. The NSA's partners or collaborators in the private sector is a huge state secret.
From the report, AT&T "provided technical assistance in carrying out a secret court order permitting the wiretapping of all Internet communications at the United Nations headquarters," which is a customer of AT&T.
 
It's not news that the UN, home of the world's governments, were targets for US spies. But how the spying happened is remarkable -- and also quite boring. Previous reports said NSA spies "bugged" the UN headquarters in New York, cracking encryption and coding systems and infiltrating the video-conferencing systems. Other reports also said UN secretary-general Ban Ki-moon's talking points were also grabbed from an email message through the Blarney email-grabbing program.
How was it done? By targeting the cable flowing in and out of the UN's building. It's a surprisingly easy effort with AT&T's help.

In the first few months after the NSA started collecting on AT&T's networks, the agency took in "400 billion internet metadata records," such as who people were talking to but not what was said.
The Fairview program also started sending back "more than one million emails a day to the keyword selection system" at NSA headquarters in Fort Meade, MD.

By 2011, AT&T began handing "over 1.1 billion domestic cellphone calling records," just months before the tenth anniversary of the September 11 attacks. By 2013, the program was "processing 60 million foreign-to-foreign emails a day" that were flowing over AT&T's domestic network.
"This is a partnership, not a contractual relationship," says one of the documents, referring to the AT&T-NSA relationship as one that's cooperative rather than obligatory.

Playing devil's advocate, telecoms face far greater and stricter regulation than software firms and technology companies. AT&T isn't allowed to comment. In any case, there will very likely be another side to this. We know Verizon was forced to hand over its domestic records, because a court order from the Foreign Intelligence Surveillance Court, the court that authorizes the government's spying, showed that. No released documents have shown AT&T was forced to hand over data. 
ZDNet: http://zd.net/1hajMVK

 

 

« Cyberwar Right Here, Right Now...
UN Calls On Social Media to Act Against ‘Misuse’ by Extremists »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Tresorit

Tresorit

Tresorit helps teams to collaborate securely and easily by protecting their data with end-to-end encryption.

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT is the national Computer Emergency Response Team for the Philippines.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

SolutionsPT

SolutionsPT

SolutionsPT enables customers to strengthen their Operational Technology (OT) network to meet the ever increasing demand for performance, availability, connectivity and security.

Bluink

Bluink

Bluink specializes in identity and access management and customer identity verification, using your smartphone as a strong authenticator and secure identity store.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

GeoEdge

GeoEdge

GeoEdge is the premier provider of ad security and quality solutions for the online and mobile advertising ecosystem.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Omnex

Omnex

Omnex provides consulting and training services in Quality, Environmental, and Health and Safety standards-based management systems including Automotive Cybersecurity.

SafeAeon

SafeAeon

SafeAeon is a leading Cybersecurity-as-a-Service provider, offering 24x7 premium Managed Security Services with AI-powered and Human-driven 24x7 SOC.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.