NSA documents leaked by Edward Snowden to the Guardian in 2013 described a covert program called XKEYSCORE (XKS) and showed how the US government can see almost everything one does on the internet; the new portion of the classified files published by The Intercept now reveals how easily it can be done: “as easy as typing a few words in Google.”
XKEYSCORE was one of the first covert programs that the Guardian wrote about when Snowden began leaking NSA documents two years ago, in 2013.
Now, a new set of training manual reveals the breadth of this program and how easily an analyst can break into remote computers – within a “few mouse clicks”.hes of his or her personal data.
Using only a target’s email address, telephone number, name or other identifying data, an analyst has the ability to conduct sweeping searc
“Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google,” Jonathan Brossard, a security researcher and the CEO of Toucan Systems, told The Intercept, a magazine which serves as a platform to report on the documents released by Edward Snowden.
“Anyone could be trained to do this in less than one day: they simply enter the name of the server they want to hack into XKEYSCORE, type enter, and are presented login and password pairs to connect to this machine. Done. Finito,” Brossard added.
The XKEYSCORE database is “fed a constant flow of Internet traffic from fiber optic cables that make up the back of the world’s communication network, among other sources, for processing,” the new report states. Its servers collect all of this data for up to five days, and store the metadata of this traffic for 30 to 45 days.
The system however is not limited to collecting web traffic.
“These newly published documents demonstrate that collected communications not only include emails, chats and web-browsing traffic, but also pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.”
“XKEYSCORE allows for incredibly broad surveillance of people based on perceived patterns of suspicious behavior. It is possible, for instance, to query the system to show the activities of people based on their location, nationality and websites visited,” the magazine says.
The same methods are used to steal the credentials — user names and passwords — of individual users of message boards.
Full article: NSA Spies Can Hack Any Computer in ‘A Few Mouse Clicks’ (Sputnik News)