NSA's secret hunt for hackers: How widespread?

Reports that the US Justice Department secretly expanded NSA Internet surveillance come just days after Congress voted to rein in government authority to collect data on US citizens.

Patrick Semansky/AP/File
A sign stands outside the National Security Agency (NSA) campus in Fort Meade, Md., June 6, 2013. While the new surveillance law stands as the most significant curb on the government's investigative authorities since 9/11, it's all but inconsequential in the universe of the National Security Agency's vast digital spying operations.

Yes, the just-passed USA Freedom law places some important limits on National Security Agency surveillance activities. For instance, it will stop the spy agency from collecting Americans’ phone records in bulk as it searches for foreign intelligence. NSA analysts will move instead to a system of case-by-case searches of records held by phone companies, not NSA computers.

But the NSA is still doing lots of things that worry privacy advocates. Case in point: Thursday’s revelation that the agency expanded its warrantless surveillance of Internet traffic in mid-2012 to try and catch computer hackers linked to foreign governments.

On one level this is in line with the NSA’s purpose. It is an intelligence arm of the US government, aimed at threats and adversaries outside the nation’s borders. That includes Chinese, or Russian, or North Korean government groups organized for cyber infiltration.

But cyberwar is a shadowy game. Distinguishing a foreign threat from a lone domestic vandal isn’t quite as easy as one might suppose.

For years experts have debated what role the NSA might play in protecting the nation’s cyber infrastructure. For the most part that debate has assumed that the NSA’s domestic authority is narrowly circumscribed, and that domestic law enforcement organizations such as the FBI play a much larger role, according to Jonathan Mayer, a law lecturer at Stanford University and computer science expert.

That would make the nation’s cyberdefense analogous to the situation with flesh-and-blood spies. The CIA tracks foreign agents overseas, while the FBI does counterintelligence defense inside the US.

“Today, we learn that assumption is incorrect,” writes Mr. Mayer on his personal blog. “The NSA already asserts broad domestic cybersecurity powers.”

Unsurprisingly, former NSA contractor Edward Snowden is the source of this latest NSA news. Working from documents provided by Mr. Snowden, The New York Times and ProPublica established that the US electronic spy agency began in 2012 “hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad – including traffic that flows to suspicious Internet addresses or contains malware.”

The secret Justice Department memos that authorized this expansion allowed the agency to monitor only Internet provider addresses and “cybersignatures” – patterns associated with computer intrusions – that it could trace to foreign governments, according to the NYT/ProPublica account.

But the NSA also has tried to snoop on suspected hackers even when they could not directly tie them to foreign government groups. Why? Because it’s so hard to tell these threats apart, that’s why. Sometimes one mimics the other. Sometimes they share malware or particular bits of coding patterns. Sometimes they work together.

“Targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose,” Brian Hale, a spokesman for the Office of the Director of National Intelligence, told The New York Times and ProPublica.

But the difficulty of distinguishing between individual and government attacks isn’t the only privacy complication here. In the course of investigating hackers the NSA vacuums up lots of data on innocent Americans that hackers themselves steal. Can this information be used in criminal cases unrelated to the hacking itself?

That’s unclear, notes the Times/ProPublica investigation.

Proponents of further curbs on NSA activities say this shows why the USA Freedom Act, signed into law by President Obama this week, should be just a first step. These “back door” searches of personal data by law enforcement officials should be explicitly banned, they say.

“To add insult to injury, under this program victims of cybercrime are doubly harmed when their government collects and searches their private stolen communications and data,” Rep. Zoe Lofgren (D) of California told The Guardian on Thursday.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to NSA's secret hunt for hackers: How widespread?
Read this article in
QR Code to Subscription page
Start your subscription today