MUSCULAR (DS-200B), located in the United Kingdom, is the name of a surveillance programme jointly operated by Britain's Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA) that was revealed by documents which were released by Edward Snowden and interviews with knowledgeable officials. GCHQ is the primary operator of the program. GCHQ and the National Security Agency have secretly broken into the main communications links that connect the data centers of Yahoo! and Google. Substantive information about the program was made public at the end of October 2013.
The programme is jointly run by:
- – Government Communications Headquarters (GCHQ) (United Kingdom)
- – U.S. National Security Agency (NSA)
MUSCULAR is one of at least four other similar programs that rely on a trusted 2nd party, programs which together are known as WINDSTOP. In a 30-day period from December 2012 to January 2013, MUSCULAR was responsible for collecting 181 million records. It was however dwarfed by another WINDSTOP program known (insofar) only by its code DS-300 and codename INCENSER, which collected over 14 billion records in the same period.
According to the leaked document the NSA’s acquisitions directorate sends millions of records every day from internal Yahoo! and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Maryland. The programme operates via an access point known as DS-200B, which is outside the United States, and it relies on an unnamed telecommunications operator to provide secret access for the NSA and the GCHQ.
According to the Washington Post, the MUSCULAR program collects more than twice as many data points (“selectors” in NSA jargon) compared to the better known PRISM. Unlike PRISM, the MUSCULAR program requires no (FISA or other type of) warrants.[dubious ]
Because of the huge amount of data involved, MUSCULAR has presented a special challenge to NSA's Special Source Operations. For example, when Yahoo! decided to migrate a large amount of mailboxes between its data centers, the NSA's PINWALE database (their primary analytical database for the Internet) was quickly overwhelmed with the data coming from MUSCULAR.
According to a post-it style note from the presentation, the exploitation relied on the fact that (at the time at least) data was transmitted unencrypted inside Google's private cloud, with "Google Front End Servers" stripping and respectively adding back SSL from/to external connections. According to the Washington Post: "Two engineers with close ties to Google exploded in profanity when they saw the drawing." After the information about MUSCULAR was published by the press, Google announced that it was working on deploying encrypted communication between its datacenters.
Reactions and countermeasures
This section needs expansion. You can help by adding to it. (January 2014)
In December 2013, Microsoft announced similar plans and used the expression "advanced persistent threat" in their press release (signed-off by their top legal representative), which the press immediately interpreted as comparison of the NSA with the Chinese government-sponsored hackers.
- 2013 mass surveillance disclosures
- DISHFIRE, another NSA–GCHQ collaboration collecting SMS and similar messages worldwide
- List of government mass surveillance projects
- Mass surveillance
- Squeaky Dolphin, program targeting Facebook, YouTube, and Blogger
- Total Information Awareness
- Gellman, Barton; Soltani, Ashkan; Peterson, Andrea (November 4, 2013). "How we know the NSA had access to internal Google and Yahoo cloud data". The Washington Post. Retrieved November 5, 2013.
- Gellman, Barton; Soltani, Ashkan (October 30, 2013). "NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say". The Washington Post. Retrieved October 31, 2013.
- Gellman, Barton; DeLong, Matt. "How the NSA's MUSCULAR program collects too much data from Yahoo and Google". The Washington Post. Retrieved 28 December 2013.
- Gellman, Barton; DeLong, Matt (2013-10-30). "One month, hundreds of millions of records collected". The Washington Post. Retrieved 2014-01-27.
- Gallagher, Sean (October 31, 2013). "How the NSA's MUSCULAR tapped Google's and Yahoo's private networks". Ars Technica. Retrieved November 1, 2013.
- Gallagher, Sean (2013-11-06). "Googlers say "F*** you" to NSA, company encrypts internal network". Ars Technica. Retrieved 2014-01-15.
- Brandom, Russell (2013-11-18). "Yahoo plans to encrypt all internal data by early 2014 to keep the NSA out". The Verge. Retrieved 2014-01-27.
- Danny Yadron (2013-12-05). "Microsoft Compares NSA to 'Advanced Persistent Threat' - Digits - WSJ". Blogs.wsj.com. Retrieved 2014-01-15.
- Tom Warren (2013-12-05). "Microsoft labels US government a 'persistent threat' in plan to cut off NSA spying". The Verge. Retrieved 2014-01-15.
- Savage, Charlie; Miller, Claire; Perlroth, Nicole (October 30, 2013). "N.S.A. Said to Tap Google and Yahoo Abroad". The New York Times. Retrieved November 1, 2013.
- Rushe, Dominic; Ackerman, Spencer; Ball, James (October 30, 2013). "Reports that NSA taps into Google and Yahoo data hubs infuriate tech giants". The Guardian. Retrieved November 2, 2013.
- Gellman, Barton; Soltani, Ashkan; Lindeman, Todd (October 30, 2013). "How the NSA is infiltrating private networks". The Washington Post. Retrieved November 1, 2013.
- Miller, Claire (October 31, 2013). "Angry Over U.S. Surveillance, Tech Giants Bolster Defenses". The New York Times. Retrieved November 1, 2013.
- Schneier, Bruce (October 31, 2013). "NSA Eavesdropping on Google and Yahoo Networks". Schneier on Security. Retrieved November 1, 2013.
- Perlroth, Nicole; Markoff, John (November 25, 2013). "N.S.A. May Have Penetrated Internet Cable Links". The New York Times. Retrieved November 26, 2013.
- Gellman, Barton; DeLong, Matt. "What Yahoo and Google did not think the NSA could see". The Washington Post. Retrieved March 14, 2014.