Report: NSA Sifts Americans’ International Internet Traffic to Hunt Hackers

The National Security Agency’s ability to warrantlessly sift through Americans’ international Internet traffic has been secretly expanded as part of efforts to identify malicious hackers. The increased surveillance, sanctioned by the Obama administration in 2012, has allowed the NSA to monitor U.S. Internet networks for information about hacks originating abroad, the New York Times and […]

The National Security Agency’s ability to warrantlessly sift through Americans’ international Internet traffic has been secretly expanded as part of efforts to identify malicious hackers.

The increased surveillance, sanctioned by the Obama administration in 2012, has allowed the NSA to monitor U.S. Internet networks for information about hacks originating abroad, the New York Times and ProPublica reported Thursday, citing documents from NSA whistleblower Edward Snowden.

According to the Times:

The Justice Department allowed the agency to monitor only addresses and “cybersignatures” — patterns associated with computer intrusions — that it could tie to foreign governments. But the documents also note that the N.S.A. sought to target hackers even when it could not establish any links to foreign powers. […]

It is not clear what standards the agency is using to select targets. It can be hard to know for sure who is behind a particular intrusion — a foreign government or a criminal gang — and the N.S.A. is supposed to focus on foreign intelligence, not law enforcement.

The government can also gather significant volumes of Americans’ information – anything from private emails to trade secrets and business dealings — through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it.

One internal N.S.A. document notes that agency surveillance activities through “hacker signatures pull in a lot.”

The revelation calls into question previous statements made by senior U.S. officials about a claimed lack of ability to detect cyberattacks within the United States. During his time as director of the NSA, for instance, Keith Alexander (pictured above) continually lobbied for more cybersecurity powers, but did not mention the scope of those already obtained by the agency. In March 2014, the then-NSA director told a cybersecurity conference at Georgetown University: “An attack on Wall Street or an exploit going against Wall Street — NSA and Cyber Command would probably not see that. We have no capability there. Against everything that’s been said, the fact is we don’t have the ability to see it.”

The Times report, an embargoed copy of which was shared with The Intercept because co-founder Laura Poitras contributed to it, also reveals that the FBI negotiated in 2012 to use the NSA’s surveillance capabilities to monitor Internet traffic passing over “chokepoints operated by U.S. providers through which international communications enter and leave the United States.” The NSA would reportedly send the intercepted traffic to a “cyberdata repository” maintained by the bureau in Quantico, Virginia.

Brian Hale, spokesman for the Director of National Intelligence’s office, said in a statement: “It should come as no surprise that the U.S. government gathers intelligence on foreign powers that attempt to penetrate U.S. networks and steal the private information of U.S. citizens and companies.” He added: “targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose.”

However, Jonathan Mayer, a cybersecurity scholar at Stanford Law School, told the Times the NSA’s activities revealed in the documents run “smack into law enforcement land.”

“That’s a major policy decision about how to structure cybersecurity in the U.S. and not a conversation that has been had in public,” Mayer said.

Photo: Jeff Chiu/AP

Join The Conversation