recommended reading

NSA Hacked Google and Yahoo's Private Networks

Google's campus-network room at a data center in Council Bluffs, Iowa.

Google's campus-network room at a data center in Council Bluffs, Iowa. // Google/AP

More documents from the Edward Snowden leak show that the National Security Agency has tapped Google and Yahoo's cloud networks to access massive amounts of data, including from Americans.

The report released Wednesday by The Washington Post indicates that the NSA has gained access to the fiber optic connections between the servers that power each company's network.

According to a top secret accounting dated Jan. 9, 2013, NSA’s acquisitions directorate sends millions of records every day from Yahoo and Google internal networks to data warehouses at the agency’s Fort Meade headquarters. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — ranging from “metadata,” which would indicate who sent or received e-mails and when, to content such as text, audio and video.

When you send email or store files with an internet company, that data is regularly shared among servers around the world, in order to ensure quick access to your information from wherever you happen to be. Google and Yahoo run customized private networks to shuttle that information around, passing between and within countries, as the Post indicates in a graphic. To move that information, the companies use fiber optic connections, light-speed networks running over thin glass cables. According to the Post, it's those connections that the NSA is able to monitor. None of Yahoo's inter-server traffic is encrypted. Not all of Google's are either, prompting a little smiley face in a slide obtained by the Post.

Read the fulls story at TheAtlanticWire.com.

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.