Monday, August 12, 2013

XKeyScore

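XKeyScore is in the news.
In connection with the NSA's collection of large amounts of personal information, materials said to have been produced by U.S. authorities and describing the collection methods were published on a website. The materials are said to have been provided by Edward Snowden, the former CIA employee who exposed the collection activities and has been charged by U.S. judicial authorities with espionage and other offenses. According to them, with the collection system called "XKeyscore (XKS)", simply entering a target's e-mail address makes it possible to "capture nearly everything a typical user does on the Internet."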

XKeyscore materials
XKeyscore presentation from 2008 - read in full

NSA internal document
・2008: 300 terrorists were arrested using XKS.

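XKS is said to have functionality equivalent to a LAN analyzer (sniffer), so it may have been built on a Unix-like system rather than on Windows.
If XKS is placed on backbone networks such as fiber-optic links and communications satellites, all plaintext information can be collected. Searching the collected data with keywords relevant to public security would presumably reveal both parties to a communication.
Some commercial ciphers can reportedly be broken, so perhaps specialists do the analysis.
Since ciphertext can be hidden not only in text but also in images, audio and video, perhaps they keep specialists for each.
Judging from the materials, what has been automated is relatively simple data such as IP addresses, e-mail addresses and HTTP parsers. The languages appear to be English, Chinese and Arabic.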

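The XKeyscore material lists the United States, Australia, Canada, the United Kingdom and New Zealand, and is marked classified. The Five Eyes appear to be involved.
Looking at the site information, the map has an odd shape, but Japan and China are being monitored while South Korea was not covered.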

It seems that phone numbers and IP addresses were used as evidence to justify searches as falling outside the scope of U.S. law.

PRISM data-collection program
NSA: fewer than 300 calls wiretapped, terror attacks thwarted in more than 20 countries
GCHQ Espionage
United States: secret court warrant renewed
Lenovo Computer Refuse


NSA's 'XKeyscore' gives warrantless access to all Internet activity


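---All Internet information can be collected … NSA, without a warrant---
August 2, 2013, 09:25, Yomiuri Shimbun
http://www.yomiuri.co.jp/world/news/20130802-OYT1T00277.htm?from=main4

 [London, Masahiro Sato (佐藤昌宏)] The British newspaper The Guardian reported on the 1st, citing information from the suspect Edward Snowden (30), a former U.S. Central Intelligence Agency (CIA) employee who exposed the surveillance activities of U.S. government agencies, that a computer program developed in-house by the U.S. National Security Agency (NSA) makes it possible to collect almost all information on the Internet.
 The program is named "XKeyscore" and is said to be able to obtain all kinds of information on the Internet, including the e-mail, browsing histories and chats of an unspecified large number of people. The suspect claims that he actually used the program while on assignment at the NSA.
 U.S. law requires a warrant to obtain the Internet information of U.S. citizens, but according to the paper, the program has made warrantless collection technically possible. An internal NSA document reported by the paper says that in 2008, 300 terrorists were arrested using the program.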


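---Online behavior laid bare by an e-mail address … British paper publishes U.S. personal-information collection system---
2013.8.2 00:52
http://www.sankeibiz.jp/express/news/130802/exd1308020053000-n1.htm

 In connection with the collection of large amounts of personal information by the National Security Agency (NSA), a U.S. intelligence agency, the British newspaper The Guardian on July 31 published on its website materials said to have been produced by U.S. authorities and describing the collection methods. The paper says the materials were provided by the suspect Edward Snowden (30), the former Central Intelligence Agency (CIA) employee who exposed the collection activities and has been charged by U.S. judicial authorities with espionage and other offenses. According to them, with the collection system called "XKeyscore (XKS)", simply entering a target's e-mail address makes it possible to "capture nearly everything a typical user does on the Internet."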

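300 terrorists detained
 The material that The Guardian obtained from Snowden and published online is a manual prepared for training intelligence agency staff. According to it, by using XKS, a system developed in-house, entering the target's e-mail address and following the process step by step, an analyst can see the contents of e-mail, exchanges on Facebook and Twitter, website browsing history and more. The collected information can also be cross-checked instantly against information the NSA obtained through other channels.
 In the manual, the NSA states that in 2007 it obtained about 500 million items per day, or more than 150 billion per year, and that U.S. authorities detained 300 terrorists by 2008 on the basis of the information. It also discloses that the volume collected grew last year to about 41 billion items or more in one month, and that because the volume is so large, data is currently retained for 3 to 5 days.
 In response to The Guardian's inquiry, the NSA acknowledged that a system named XKeyscore exists and replied that "its purpose is to collect overseas information (for which no warrant is required), and the claim that unauthorized staff access to collected data is rampant is not true."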

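Doubts about legality grow
 The best-known U.S. information collection system is "Echelon", which centers on telephone wiretapping and fax interception, but the U.S. government has not acknowledged its existence, so the NSA's acknowledgment this time that XKS exists is highly unusual. In the United States, intercepting the communications of U.S. nationals requires a warrant from the Foreign Intelligence Surveillance Court under the Foreign Intelligence Surveillance Act (FISA), but no warrant is required for foreigners, whose communications may be intercepted.
 However, it is difficult to separate out only the communications of Americans completely, and a broad gray zone exists. The NSA's acknowledgment that XKS exists can be said to have further heightened doubts about the legality of the U.S. authorities' activities.
 Meanwhile, as if timed to coincide with The Guardian's report, Director of National Intelligence James Clapper (72), who oversees the U.S. intelligence agencies, released three classified documents at the U.S. Senate Judiciary Committee on July 31 in order to "increase the transparency" of intelligence agency activities. Most of the documents' contents had already been reported. According to the document in which the Foreign Intelligence Surveillance Court approved the collection activities, only communication records may be collected and content is not included, which supports the explanations given so far by the intelligence authorities.
 Since Snowden's disclosures, U.S. authorities have been hard at work deflecting criticism by releasing classified information piecemeal, and this release is seen as part of that effort.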


---Xkeyscore Isn't Watching You, It's the NSA's Google for Intercepted Data---
Aug 01, 2013 2:57 PM EST
By Max Eddy
http://securitywatch.pcmag.com/security/314374-xkeyscore-isn-t-watching-you-it-s-the-nsa-s-google-for-intercepted-data

Yesterday, the Guardian released a series of documents outlining an NSA program called Xkeyscore. We learned a lot about it, including its groan-worthy 3D text art logo. It was clear that Xkeyscore could do a lot, and had access to an incredible amount of information. However, it might not be exactly what we thought.

On the heels of the Guardian report came a response from Marc Ambinder at The Week. He argues - and I am inclined to agree with him - that Xkeyscore itself isn't watching anyone. "XKEYSCORE is not a thing that DOES collecting," writes Ambinder. "It's a series of user interfaces, backend databases, servers and software that selects certain types of metadata that the NSA has ALREADY collected using other methods."

It's Google for Intercepted Data
I used this metaphor in my first post on Xkeyscore, and it seems to be proving quite apt. In the slide above, found early on the Guardian's leaked PowerPoint presentation, we see Xkeyscore sitting on top of a bunch of other vaguely named boxes.

"F6 means a Special Collection Service site located in a U.S. embassy or consulate overseas," writes Ambinder, who explains that this information comes from areas where it's not possible to communicate directly by phone or fiber optic cables. "FORNSAT" is reportedly quite literal, apparently meaning information intercepted from satellites. "SSO" apparently covers just about everything else that the NSA can touch with its Signals Intelligence Division. This group "taps cables, finds microwave paths, and otherwise collects data not generated by F6 or foreign satellites."

From the Guardian's information, the NSA has so much information plugged into Xkeyscore that it dumps it on a rolling basis - sometimes just a day. This information appears to be broken down into several databases, the function of which Ambinder explains. "User activity metadata (including bulk data collected on U.S. persons) is stored in the MARINA database; content read or tasked is retained in the PINWALE database; and for specific and regular targets […] the TRAFFICTHIEF database allows an analyst to quite richly paint a portrait of that person's internet activities in real or near-real time, IF NSA has the data."

Compliance Pulldowns
The Guardian mentioned that Xkeyscore users had to use pulldown menus to explain their surveillance queries. Ambinder explains that this is part of the legal restraints on the system and that analysts are required to "convince the system that the target is foreign," which means the person is eligible for surveillance.

This could apparently involve any number of justifications, using evidence like phone numbers or IP addresses. "Enough of these boxes have to be checked to provide a 51 percent foreignness threshold, after which the analyst can continue his or her work without any other paperwork."

Ambinder continues, saying that the NSA has suggested that a separate set of oversight measures is used for monitoring U.S. citizens. It's quite possible that this will all turn out to at least be technically legal.

Whether or not it is ethical is another question altogether. A recent story from the Atlantic recounts how a couple who were separately shopping for pressure cookers and backpacks wound up with a visit from an anti-terrorism task force. There's no direct evidence tying this to Xkeyscore, but it demonstrates just that search terms and huge datasets alone aren't enough to actually catch the bad guys.

Connect the Dots
I can sympathize with the intelligence agencies to a certain extent. In the wake of 9/11 and the recent bombings in Boston, the investigations that followed inevitably found opportunities where law enforcement could have or should have intervened. There was always a failure to "connect the dots."

Connecting the dots is exactly what PRISM and Xkeyscore do. They collect up all the dots - bits of information - sort them into some kind of logical sense, and then spit out results. In some ways, it's (almost, not really) the fantasy movies have promised us: an all seeing, all knowing secret program that can (allegedly) catch the bad guys.

The debate about what to do next with knowledge of PRISM and Xkeyscore won't be zero-sum; we won't end up choosing between constant surveillance and no protection at all. The almost assured outcome is that the NSA or some other organization will continue these operations - perhaps with stricter oversight or perhaps not. Hopefully though, the public furor will remind those who make decisions about these programs that they don't operate in a vacuum.


---NSA's Gigantic Surveillance Program Xkeyscore Revealed---
Jul 31, 2013 5:29 PM EST
http://securitywatch.pcmag.com/security/314336-nsa-s-gigantic-surveillance-program-xkeyscore-revealed

In a story no doubt timed to the keynote speech from NSA Director General Keith Alexander at this year's Black Hat conference, the Guardian has released information on Xkeyscore, a surveillance program run by the NSA. Massive in scope, it's being called the largest program of its kind.

Xkeyscore was first discussed earlier this month, when it was revealed that Australian intelligence agencies were a part of the program. According to NSA PowerPoint presentations released by the Guardian - complete with 3D text art - the system encompasses "over 700 servers" spread across "150 sites." The presentation was apparently related to US, Australian, Canadian, Great Britain, and New Zealand intelligence efforts.

Just How Much Data?
Based off information provided by PRISM leaker Edward Snowden, the Guardian describes a system which sucks in huge amounts of data. "One NSA report from 2007 estimated that there were 850bn 'call events' collected and stored in the NSA databases, and close to 150bn internet records," writes the Guardian. "Each day, the document says, 1-2bn records were added."

Because of the sheer bulk of information, actual content (presumably intercepted information) only remains in Xkeyscore for three to five days but metadata lasts up to 30 days. The information involved appears to cover just about anything traveling through HTTP - from emails to Facebook chats to browser histories - and more. Pertinent information can be flagged by investigators for longer storage, apparently in other systems with names like Trafficthief, Pinwale, and MARINA.

Amazingly, Xkeyscore also makes it searchable in a number of unique ways with apparently little oversight.

Google For Intercepted Data
An obvious problem with data collection of any kind is making the information actually useful. In the NSA PowerPoint presentation posted by the Guardian, Xkeyscore is made to look like a veritable Google for intercepted data, easily sorting and parsing vast amounts of information in shocking ways.

Much of the actual operating of Xkeyscore is difficult to discern from the PowerPoint presentation, as it seems to presume an enormous amount of foreknowledge on the part of the reader. A series of scenarios towards the end of the presentation makes the potential of the program clear.

One slide asks, "my target speaks german but is in Pakistan - how can I find him?" This uses what the NSA calls an anomalous event - finding German amidst a primarily non-German dataset. The answer, from the same slide: "HTTP activity plugin extracts and stores all HTML language tags which can then be searched."

Another slide has a more magic-mirror scenario, where someone using Xkeyscore says, "show me all the exploitable machines in country X." Interestingly, the answer is "fingerprints from TAO are loaded into Xkeyscore application/fingerprint ID engine."

Who Watches the…You Know
Beyond the creepiness factor, the biggest issue associated with Xkeyscore and programs like it is the legality of the surveillance. The 2008 Fisa law should, in theory, prevent the NSA from monitoring US citizens without a warrant. Non-citizens in other countries are fair game. But according to the Guardian, "NSA analysts are permitted to intercept the communications of such individuals without a warrant if they are in contact with one of the NSA's foreign targets." Analysts using Xkeyscore could select reasons for their investigations from a pull-down menu.

A big piece of PRISM and Xkeyscore is building connections between individuals - who spoke to who when, who emailed who when, etc. - so it's not surprising that US citizens would get Hoovered up along with NSA targets.

In a statement to the Guardian, the NSA describes the program as essential. The agency writes:

NSA's activities are focused and specifically deployed against - and only against - legitimate foreign intelligence targets in response to requirements that our leaders need for information necessary to protect our nation and its interests.

XKeyscore is used as a part of NSA's lawful foreign signals intelligence collection system.

Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA's analytic tools, is limited to only those personnel who require access for their assigned tasks … In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring.

Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.

These types of programs allow us to collect the information that enables us to perform our missions successfully - to defend the nation and to protect US and allied troops abroad.

In one of the NSA PowerPoint presentations, a slide covering success stories crows that, "over 300 terrorists captured using intelligence generated from XKEYSCORE."
