Extended surveillance power was granted in secret

Jun 5, 2015 12:12 GMT

Newly released documents from the Snowden cache reveal that the NSA received approval to monitor the international traffic of US citizens without a warrant in order to search for cyber intrusion patterns, whether or not they are associated with foreign government agencies.

Under the FISA (Foreign Intelligence Surveillance Act) Amendments Act in 2008, the NSA was allowed to carry out surveillance activity and collect data based on demands to Internet companies (PRISM partners), if the target was not a US citizen abroad.

Difficulty of attribution makes NSA want more

In 2012, the US Department of Justice secretly expanded the surveillance capabilities to cover individuals in America who had fallen victim to hacking operations originating from abroad.

Later, the agency made efforts to receive permission to monitor traffic even if a connection with a foreign entity could not be found, according to the Snowden documents obtained and released by ProPublica and The New York Times.

The request was motivated by the fact that attribution of a cyber intrusion is difficult to make because the same piece of malware could be used by multiple actors that hide their true location. On the same note, mercenary hackers are sometimes employed by governments, and the same malicious software could also be used for personal purposes.

Whatever hackers took, NSA captured

The agency tracked the hackers' activity based on certain signatures that had been created. However, this also meant that the agency had access to a large part of the data belonging to Americans, ranging from private emails to trade secrets, because it intercepted the data exfiltrated by the attackers.

A suggestion was made in 2010 that the information taken by the hackers should be stored in a location that could not be accessed by analysts tasked with unrelated problems.

Basically, the NSA's activity also stepped into the realm of law enforcement, as it was able to monitor international Internet traffic for any malicious cyber operations.

The invasive decisions made to better protect US citizens were not subject to a public debate, and no notifications have been issued about them.

It is unclear from the documents how many cyber intrusions were foiled based on this capability, or the number of hackers caught.