#CyberSpaceWar, Uncategorized

After #PRISM, ‘Boundless Informant’ tool comes to light

from CNet.com: Meet the U.S. National Security Agency's global intelligence tracking
tool, Boundless Informant, the latest intelligence secret exposed by
leaked information
.



The stream of leaks revealing the U.S. National Security Agency's
secrets carries on with the public outing of a powerful intelligence
tracking tool. 



In a fresh wave of documents obtained by The Guardian, the details of the NSA's data mining tool "Boundless Informant" are laid out for the world to see.


Whereas PRISM
is involved in the collection of data, Boundless Informant focuses on
organizing and indexing metadata. The tool categorizes communications
records rather than the content of a message itself, such as a text
message or phone call.


A leaked fact sheet (PDF)
explains that almost 3 billion pieces of intelligence had been
collected from U.S. computer networks in the 30-day period ending with
March of this year, as well as indexing almost 100 billion pieces
worldwide. Countries are ranked based on how much information has been
taken from mobile and online networks, and color-coded depending on how
extensively the NSA is spying on a country. 


Users of the tool are able to select a country on Boundless Informant's
"heat map" to view details including the metadata volume and different
kinds of NSA information collection. 


Iran is top of the surveillance list, with more than 14 billion data
reports categorized by the tracking tool in March, with Pakistan coming
in close second at 13.5 billion reports. Jordan, Egypt, and India are
also near the top


Levels of country-specific surveillance are color-coded depending on
severity; green the least and moving through yellow and orange to red if
a country is under heavy surveillance.


Example use cases include "How many records (and what type) are
collected against a particular country?" and "Are there any visible
trends for the collection?" 


The other leaked document (PDF)
says the tool is designed to give NSA officials answers to questions
including what coverage the agency has on specific countries, how data
collection compares in different regions, and how many records are being
produced. 

Both documents were protectively marked as "top secret" and "NOFORN"
(which means not authorized for viewing by non-U.S. citizens). 


According to the documents, Boundless Informant is hosted on corporate
servers and leverages open-source FOSS technology. Raw data is analyzed
and processed in the cloud. The level of data categorized can also be
broken down to determine which intercepts originate from the U.S., and
this detail includes IP addresses -- which can be tracked back to
determine a user's country of origin, state, and city. 


In a March hearing last year, NSA Director General Keith Alexander
denied that the U.S. government spies on its citizens.
When asked by
Rep. Hank Johnson (R-Ga.) if the NSA has the technological capacity to
identify citizens based on the content of their e-mails, Alexander said:


No, no, we don't have the technical insights in the United States. In
other words, you have to have something to intercept or some way of
doing that either by going to a service provider with a warrant or you
have to be collecting in that area. We're not authorized to do that nor
do we have the equipment in the United States to collect that kind of
information.



The exposure of the NSA's internal Boundless tracking tool -- which is
likely used only by the intelligence agency -- may cause some to doubt
Alexander. The NSA has maintained its position and denies spying on U.S.
citizens; a representative for the agency telling The Guardian:


NSA has consistently reported -- including to Congress -- that we do not
have the ability to determine with certainty the identity or location
of all communicants within a given communication. That remains the case.
The continued publication of these allegations about highly classified
issues, and other information taken out of context, makes it impossible
to conduct a reasonable discussion on the merits of these programs.

The original version of this story appeared as "Boundless Informant: US gov't collects 100 billion surveillance records a month" on ZDNet. 

#PumpUpThaVolume: September 18, 2020