EDWARD SNOWDEN INTERVIEW: STUXNET CREATED BY NSA, ISRAEL
Tue Jul 09, 2013 3:20
TEHRAN (FNA)- In an interview conducted using encrypted e-mails,
whistleblower Edward Snowden discusses the power of the NSA, how it
is “in bed together with the Germans” and the vast scope of Internet
spying conducted by the United States and Britain, where he disclosed
that the Stuxnet virus which infiltrated Iranian computers had been
co-written by NSA and Israel.
Shortly before he became a household name around the world as a
whistleblower, Edward Snowden answered a comprehensive list of
questions. They originated from Jacob Appelbaum, 30, a developer
of encryption and security software. Appelbaum provides training to
international human rights groups and journalists on how to use the
Internet anonymously.
Appelbaum first became more broadly known to the public after he spoke
on behalf of WikiLeaks founder Julian Assange at a hacker conference
in New York in 2010. Together with Assange and other co-authors,
Appelbaum recently released a compilation of interviews in book form
under the title “Cypherpunks: Freedom and the Future of the Internet.”
Appelbaum wound up on the radar of American authorities in the
course of their investigation into the WikiLeaks revelations. They
have since served legal orders to Twitter, Google and Sonic to hand
over information about his accounts. But Appelbaum describes his
relationship with WikiLeaks as being “ambiguous,” and explains here
how he was able to pose questions to Snowden.
“In mid-May, documentary filmmaker Laura Poitras contacted me,”
Appelbaum said. “She told me she was in contact with a possible
anonymous National Security Agency (NSA) source who had agreed to be
interviewed by her.”
“She was in the process of putting questions together and thought
that asking some specific technical questions was an important part
of the source verification process. One of the goals was to determine
whether we were really dealing with an NSA whistleblower. I had deep
concerns of COINTELPRO-style entrapment. We sent our securely encrypted
questions to our source. I had no knowledge of Edward Snowden’s
identity before he was revealed to the world in Hong Kong. He also
didn’t know who I was. I expected that when the anonymity was removed,
we would find a man in his sixties.”
“The following questions are excerpted from a larger interview that
covered numerous topics, many of which are highly technical in nature.
Some of the questions have been reordered to provide the required
context. The questions focus almost entirely on the NSA’s capabilities
and activities. It is critical to understand that these questions were
not asked in a context that is reactive to this week’s or even this
month’s events. They were asked in a relatively quiet period, when
Snowden was likely enjoying his last moments in a Hawaiian paradise —
a paradise he abandoned so that every person on the planet might come
to understand the current situation as he does.”
“At a later point, I also had direct contact with Edward Snowden in
which I revealed my own identity. At that time, he expressed his
willingness to have his feelings and observations on these topics
published when I thought the time was right.”
Editor’s note: The following excerpts are taken from the original
English-language version of the interview. Potential differences in
language between the German and English versions can be explained by
the fact that we have largely preserved the technical terms used by
Snowden in this transcript. Explanations for some of the terminology
used by Snowden as well as editor’s notes are provided in the form
of footnotes.
Interviewer: What is the mission of America’s National Security Agency
(NSA) — and how is the job it does compatible with the rule of law?
Snowden: They’re tasked to know everything of importance that happens
outside of the United States. That’s a significant challenge. When
it is made to appear as though not knowing everything about everyone
is an existential crisis, then you feel that bending the rules is okay.
Once people hate you for bending those rules, breaking them becomes
a matter of survival.
Interviewer: Are German authorities or German politicians involved
in the NSA surveillance system?
Snowden: Yes, of course. We’re 1 in bed together with the Germans the
same as with most other Western countries. For example, we 2 tip them
off when someone we want is flying through their airports (that we
for example, have learned from the cell phone of a suspected hacker’s
girlfriend in a totally unrelated third country — and they hand
them over to us. They 3 don’t ask to justify how we know something,
and vice versa, to insulate their political leaders from the backlash
of knowing how grievously they’re violating global privacy.
Interviewer: But if details about this system are now exposed, who
will be charged?
Snowden: In front of US courts? I’m not sure if you’re serious. An
investigation found the specific people who authorized the warrantless
wiretapping of millions and millions of communications, which per
count would have resulted in the longest sentences in world history,
and our highest official simply demanded the investigation be halted.
Who “can” be brought up on charges is immaterial when the rule of
law is not respected. Laws are meant for you, not for them.
Interviewer: Does the NSA partner with other nations, like Israel?
Snowden: Yes. All the time. The NSA has a massive body responsible
for this: FAD, the Foreign Affairs Directorate.
Interviewer: Did the NSA help to create Stuxnet? (Stuxnet is the
computer worm that was deployed against the Iranian nuclear program.)
Snowden: NSA and Israel co-wrote it.
Interviewer: What are some of the big surveillance programs that are
active today and how do international partners aid the NSA?
Snowden: In some cases, the so-called Five Eye Partners 4 go beyond
what NSA itself does. For instance, the UK’s General Communications
Headquarters (GCHQ) has a system called TEMPORA. TEMPORA is the
signals intelligence community’s first “full-take” Internet buffer
that doesn’t care about content type and pays only marginal attention
to the Human Rights Act. It snarfs everything, in a rolling buffer to
allow retroactive investigation without missing a single bit. Right
now the buffer can hold three days of traffic, but that’s being
improved. Three days may not sound like much, but remember that
that’s not metadata. “Full-take” means it doesn’t miss anything,
and ingests the entirety of each circuit’s capacity. If you send a
single ICMP packet 5 and it routes through the UK, we get it. If you
download something and the CDN (Content Delivery Network) happens to
serve from the UK, we get it. If your sick daughter’s medical records
get processed at a London call center … well, you get the idea.
Interviewer: Is there a way of circumventing that?
Snowden: As a general rule, so long as you have any choice at
all, you should never route through or peer with the UK under any
circumstances. Their fibers are radioactive, and even the Queen’s
selfies to the pool boy get logged.
Interviewer: Do the NSA and its partners across the globe do full
dragnet data collection for telephone calls, text and data?
Snowden: Yes, but how much they get depends on the capabilities of the
individual collection sites — i.e., some circuits have fat pipes but
tiny collection systems, so they have to be selective. This is more
of a problem for overseas collection sites than domestic 6 ones,
which is what makes domestic collection so terrifying. NSA isn’t
limited by power, space and cooling PSC constraints.
‘US Multinationals Should Not Be Trusted’
Interviewer: The NSA is building a massive new data center in Utah.
What is its purpose?
Snowden: The massive data repositories.
Interviewer: How long is the collected data being stored for?
Snowden: As of right now, full-take collection ages off quickly (a
few days) due to its size unless an analyst has “tasked” 7 a target or
communication, in which the tasked communications get stored “forever
and ever,” regardless of policy, because you can always get a waiver.
The metadata 8 also ages off, though less quickly. The NSA wants to be
at the point where at least all of the metadata is permanently stored.
In most cases, content isn’t as valuable as metadata because you can
either re-fetch content based on the metadata or, if not, simply task
all future communications of interest for permanent collection since
the metadata tells you what out of their data stream you actually want.
Interviewer: Do private companies help the NSA?
Snowden: Yes. Definitive proof of this is the hard part because the NSA
considers the identities of telecom collaborators to be the jewels in
their crown of omniscience. As a general rule, US-based multinationals
should not be trusted until they prove otherwise. This is sad, because
they have the capability to provide the best and most trusted services
in the world if they actually desire to do so. To facilitate this,
civil liberties organizations should use this disclosure to push them
to update their contracts to include enforceable clauses indicating
they aren’t spying on you, and they need to implement technical
changes. If they can get even one company to play ball, it will
change the security of global communications forever. If they won’t,
consider starting that company.
Interviewer: Are there companies that refuse to cooperate with the NSA?
Snowden: Also yes, but I’m not aware of any list. This category will
get a lot larger if the collaborators are punished by consumers in
the market, which should be considered Priority One for anyone who
believes in freedom of thought.
Interviewer: What websites should a person avoid if they don’t want
to get targeted by the NSA?
Snowden: Normally you’d be specifically selected for targeting based
on, for example, your Facebook or webmail content. The only one I
personally know of that might get you hit untargeted are jihadi forums.
Interviewer: What happens after the NSA targets a user?
Snowden: They’re just owned. An analyst will get a daily (or scheduled
based on exfiltration summary) report on what changed on the system,
PCAPS 9 of leftover data that wasn’t understood by the automated
dissectors, and so forth. It’s up to the analyst to do whatever they
want at that point — the target’s machine doesn’t belong to them
anymore, it belongs to the US government.
Footnotes:
1 “We’re” refers to the NSA.
2 “We” refers to the US intelligence service apparatus
3 “They” refers to the other authorities.
4 The “Five Eye Partners” is a reference to the intelligence services
of United States, Britain, Australia, New Zealand and Canada.
5 “ICMP” is a reference to Internet Control Message Protocol. The
answer provided here by Snowden was highly technical, but it was clear
that he was referring to all data packets sent to or from Britain.
6 “Domestic” is a reference to the United States.
7 In this context, “tasked” refers to the full collection and storage
of metadata and content for any matched identifiers by the NSA or
its partners.
8 “Metadata” can include telephone numbers, IP addresses and connection
times, among other things. Wired Magazine offers a solid primer
on metadata.
9 “PCAPS” is an abbreviation of the term “packet capture”.