We spoke with cyber security expert Mark Wuergler to gauge the feasibility of allegations that the National Security Agency is collecting and analysing virtually all of the domestic Internet traffic in the U.S.
He said it was a viable option for the nation’s premier covert intelligence gathering organisation, and one that wouldn’t be difficult for them given their resources.
He also mentioned that the average IT professional has the knowledge of how to spy but doesn’t have access to the data.
Wuergler is chief senior security researcher at security firm Immunity, which helps companies discover how vulnerable their systems are. It was founded in 2002 by former NSA research scientist Dave Aitel (who has also done work for DARPA).
Nevertheless, Wuergler said that he could build profiles of individual people — much like the NSA.
Whistleblower William Binney says he built the original software (i.e. ThinThread) that identified, in real time, networks of connections between individuals based on their electronic communications.
“I can pull your entire life together from all those domains and map it out and show your entire life over time,” Binney told documentarian Laura Poitras while she was investigating the NSA’s $2 billion data storage facility in Bluffdale, Utah.
Here’s what Wuergler can do if he has access to your network:
“There are ways for me to hijack your Facebook and Twitter and your email accounts and things like that … intercept all of your wireless traffic … I developed a tool called ‘Stalker‘ that can reconstruct all of the data that’s coming across the wire and put it in a database where I can view it. It’s a profile of all of your data — usernames, passwords, emails, text messages in some cases, where your phone has been in the past — all of the secrets that you don’t think you’re giving up. I mean it is also gets your pizza preference.”
Here’s a screenshot of the app (click to enlarge):
Imagine that writ large and you get an idea of the damning allegations against the NSA.
Wuergler noted that “the only way that you can really protect yourself and keep your communications private is to run only on your own hardware, using encryption. … That’s really bad news for most people.”
He also told us that the reason people are sceptical of the allegations against the world’s largest spy agency “when they try to answer their own question: How would I conduct a high-profile data siphoning attack with no detection? And when they come up with no answer they assume it can’t be done.”
But as Wuergler explains, he can build real-time profiles. Which means that there is no doubt that the NSA can.
Business Insider Emails & Alerts
Site highlights each day to your inbox.