How intelligence agencies (like the NSA) get their data to spy on people? How are they able to get private data that are protected and encrypted?

455 viewsOtherTechnology

How intelligence agencies (like the NSA) get their data to spy on people? How are they able to get private data that are protected and encrypted?

In: Technology

8 Answers

Anonymous 0 Comments

any time you fill out a web form for anything, you can be 100% guaranteed that your data will be sold by that company in a list somewhere.

Anonymous 0 Comments

The snowden leaks documented all that.

The NSA just asks the companies owning thesw platforms and they provide that info. In cases like facebook thats even automated.

They dont need to literaly look at you, facbook is already storing everything.

Anonymous 0 Comments

Many years ago it was revealed that multiple governments were participating in a program called the Echelon Project, where they had monitors on certain major information traffic hubs, such as the huge undersea cables that carry phone traffic between countries. It was denied for a long time but several whistleblowers revealed it and it was eventually fully uncovered when the Australian government admitted to being a participant.

So, in addition to what other people are saying about how they can just request your personal data from social media and other sources, many governments run covert programs to scrape data directly from the sources.

Anonymous 0 Comments

There’s very few things that are truly “private” and “encrypted “
NSA specifically can “see” everything that is transmitted in the US. If it’s encrypted the protocol that makes things encrypted has a pattern/algorithm that makes the encryption AND the is used to decrypt things.

However MOST encryption software publish something along the lines of “this is the special math we use to encrypt things, check our work” both to “show their work” and to see if anyone can poke holes in it.

The intelligence agencies reach out to most companies and say “hey, what you made is great and all, but we need a backdoor in case a terrorist cell uses your encryption to see what they’re doing”

Some companies say yes for patriotic duty, others say “oh I don’t know” until the agency pays out some cash and very few companies flat out say no, people are entitled to privacy.

Other times an agency (usually NSA, but also DARPA or others) have a group that their sole job is to crack to encryption (and not tell the public) so they can read the data unencrypted.

How’s this legal? Well if they pluck it out of the air (which is possible for a lot of internet traffic) or by simply targeting a specific cell tower, they don’t need a warrant as they’re casting a net instead of going after one person. Even though they are sifting all the data to get the information of ONE target.

In other words words, the only thing that is truly safe and “encrypted” are your thoughts …for now

Anonymous 0 Comments

The answer is more complicated than just “companies sell your data”. Here are the main answer:

0-days: These are critical vulnerabilities within systems that remain undisclosed, even to the developers themselves. A prime example of a 0-day is the ability to gain unrestricted access to any Facebook account you want, with almost no risk of being caught if you know what you’re doing (assuming you have the knowledge to discover such vulnerability).

Nowadays, many 0-days are bought and sold, their value depending on their capabilities and limitations, often fetching [millions of dollars](https://zerodium.com/program.html). Addressing the question, entities like the NSA utilize these 0-days (either through purchase or specialized cybersecurity research teams) to establish persistent access to numerous systems, including Google and various software platforms. It’s not just the NSA; but almost all government agencies worldwide do the same.

You can [learn more](https://www.wired.com/2013/10/nsa-hacked-yahoo-google-cables/) about how NSA use these vulnerabilites to penetrate any system they want by looking at Snowden leaks from 2013.

Anonymous 0 Comments

Most of the time, they get the information from the source. While your traffic may be encrypted between you and the service you’re talking to, it is usually recoverable from that service directly.

So if the NSA wants a list of your posts on Facebook, they send a request to Meta who will then provide all the information they have on you. This will also include information you may have deleted but that has not been removed from the Meta servers and governments often place requirements on platforms like Facebook to retain this data for long periods of time.

Text messages are not encrypted (lots of legacy reasons for this, the main one being the inventors didn’t think any normal users would actually use them) and so can be recovered directly from telcos. Most telcos will also have a provision to intercept voice calls without needing stingray style devices but this does require a warrant and probable cause.

End to end encrypted messaging platforms like WhatsApp cannot have the messages or calls intercepted but some services will still store and release metadata. So Meta will tell the NSA who you are speaking to even if what you’re talking about can’t be recovered.

If you backup your messages to iCloud / Google Drive without encryption, then they can request a copy of the backup from these companies and get the messages that way or they can recover the messages from either person’s phone as again even deleted messages are stored in the database locally on the phone

Anonymous 0 Comments

Generally they don’t even need to the metadata is enough. A hypothetical scenario i saw in an article a few years ago.

Looking at only the data from the phone of the wife of a senator in a tight re election campaign we see it has been messaging the same number regularly for the past year almost every night and these two numbers are frequently connected to the same mobile phone mast when the senator is out of town. Abruptly two months ago this communication stopped and on the same day the wife’s phone was noted to be in a telephone call with an abortion clinic and that same phone was connected to a mast in the same area as that clinic a few days later.

The messages and calls in the above scenario were all encrypted and inaccessible yet the metadata is more than enough for us to safely assume what was going on and possible to use it to influence the result of the hypothetical upcoming election.

Anonymous 0 Comments

They have FISA court authorized wire taps on the encryption key providers. They have the private decryption keys for all common forms of encryption. That plus a copy of all the data that goes to and from every datacenter gives them everything they want.