MUSCULAR

MUSCULAR (DS-200B), located in the United Kingdom, [1] is the name of a surveillance program jointly operated by Britain's Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA) that was revealed by documents released by Edward Snowden and interviews with knowledgeable officials. [2] GCHQ is the primary operator of the program. [1] GCHQ and the NSA have secretly broken into the main communications links that connect the data centers of Yahoo! and Google. [3] Substantive information about the program was made public at the end of October 2013.

Overview

Idea behind the MUSCULAR program, which gave direct access to Google and Yahoo private clouds, no warrants needed.

The programme is jointly run by:

MUSCULAR is one of at least four similar programs that rely on a trusted 2nd party; together these programs are known as WINDSTOP. In a 30-day period from December 2012 to January 2013, MUSCULAR was responsible for collecting 181 million records. It was, however, dwarfed by another WINDSTOP program, known so far only by its code DS-300 and codename INCENSER, which collected over 14 billion records in the same period. [4]

Operational details

According to the leaked document, the NSA's acquisitions directorate sends millions of records every day from internal Yahoo! and Google networks to data warehouses at the agency's headquarters at Fort Meade, Maryland. The program operates via an access point known as DS-200B, which is outside the United States, and it relies on an unnamed telecommunications operator to provide secret access for the NSA and GCHQ. [3]

According to The Washington Post, the MUSCULAR program collects more than twice as many data points ("selectors" in NSA jargon) as the better-known PRISM. [2] Unlike PRISM, the MUSCULAR program requires no warrants (FISA or any other type). [dubious]

Because of the huge amount of data involved, MUSCULAR has presented a special challenge to NSA's Special Source Operations. For example, when Yahoo! decided to migrate a large number of mailboxes between its data centers, the NSA's PINWALE database (its primary analytical database for the Internet) was quickly overwhelmed with the data coming from MUSCULAR. [5]

Closely related programmes are called INCENSER and TURMOIL. TURMOIL, belonging to the NSA, is a system for processing the data collected from MUSCULAR. [1]

According to a Post-it-style note from the presentation, the exploitation relied on the fact that (at the time at least) data was transmitted unencrypted inside Google's private cloud, with "Google Front End Servers" stripping SSL from incoming external connections and adding it back on outgoing ones. After the information about MUSCULAR was published by the press, Google announced that it was working on deploying encrypted communication between its datacenters. [2]

Reactions and countermeasures

In early November 2013, Google announced that it was encrypting traffic between its data centers. [6] In mid-November, Yahoo! announced similar plans. [7]

In December 2013, Microsoft announced similar plans and used the expression "advanced persistent threat" in its press release (signed off by its top legal representative), which the press immediately interpreted as a comparison of the NSA with Chinese government-sponsored hackers. [8] [9]

Google engineer Brandon Downey stated the following on Google+: [10]

"Fuck these guys. I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces… But after spending all that time helping in my tiny way to protect Google -- one of the greatest things to arise from the internet -- seeing this, well, it's just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips."

References

  1. Gellman, Barton; Soltani, Ashkan; Peterson, Andrea (November 4, 2013). "How we know the NSA had access to internal Google and Yahoo cloud data". The Washington Post. Retrieved November 5, 2013.
  2. Gellman, Barton; Soltani, Ashkan (October 30, 2013). "NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say". The Washington Post. Retrieved October 31, 2013.
  3. Gellman, Barton; DeLong, Matt. "How the NSA's MUSCULAR program collects too much data from Yahoo and Google". The Washington Post. Archived from the original on 30 October 2013. Retrieved 28 December 2013.
  4. Gellman, Barton; DeLong, Matt (2013-10-30). "One month, hundreds of millions of records collected". The Washington Post. Archived from the original on 2019-04-16. Retrieved 2014-01-27.
  5. Gallagher, Sean (October 31, 2013). "How the NSA's MUSCULAR tapped Google's and Yahoo's private networks". Ars Technica. Retrieved November 1, 2013.
  6. Gallagher, Sean (2013-11-06). "Googlers say "F*** you" to NSA, company encrypts internal network". Ars Technica. Retrieved 2014-01-15.
  7. Brandom, Russell (2013-11-18). "Yahoo plans to encrypt all internal data by early 2014 to keep the NSA out". The Verge. Retrieved 2014-01-27.
  8. Danny Yadron (2013-12-05). "Microsoft Compares NSA to 'Advanced Persistent Threat' - Digits - WSJ". Blogs.wsj.com. Retrieved 2014-01-15.
  9. Tom Warren (2013-12-05). "Microsoft labels US government a 'persistent threat' in plan to cut off NSA spying". The Verge. Retrieved 2014-01-15.
  10. Opam, Kwame (2013-11-06). "Google engineers issue 'fuck you' to NSA over surveillance scandal". The Verge. Retrieved 2023-04-17.