{"id":11160,"date":"2016-01-29T06:08:24","date_gmt":"2016-01-29T12:08:24","guid":{"rendered":"http:\/\/hcstx.org\/?p=11160"},"modified":"2016-01-29T06:08:24","modified_gmt":"2016-01-29T12:08:24","slug":"sharpen-your-cyber-skills-how-to-make-your-own-nsa-bulk-surveillance-system","status":"publish","type":"post","link":"https:\/\/thetacticalhermit.com\/index.php\/2016\/01\/29\/sharpen-your-cyber-skills-how-to-make-your-own-nsa-bulk-surveillance-system\/","title":{"rendered":"Sharpen your Cyber-Skills: How to Make Your Own NSA Bulk Surveillance System"},"content":{"rendered":"<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-11161\" src=\"https:\/\/hcsblogdotorg.files.wordpress.com\/2016\/01\/obama-nsa.jpg\" alt=\"obama-nsa\" width=\"600\" height=\"399\" \/><\/p>\n<p><span class=\"lede\">OF ALL THE <\/span>NSA surveillance documents Edward Snowden leaked, some of the most important exposed the spy agency\u2019s so-called XKEYSCORE program, a massive system for vacuuming up and sifting through emails, chats, images, online search activity, usernames and passwords, and other private digital data from core fiber optics cables around the world.<\/p>\n<p>XKEYSCORE, which <a href=\"https:\/\/theintercept.com\/2015\/07\/01\/nsas-google-worlds-private-communications\/\">the NSA calls its \u201cwidest reaching\u201d surveillance program<\/a>, was established around 2008 and consists of more than 700 servers that store data sucked from the internet\u2019s backbone and mine this data for patterns and connections.<\/p>\n<p>Only a well-resourced party like the NSA could deploy such a grandiose surveillance program. 
But if your spy needs are more modest, there are a number of existing tools available that offer similar surveillance capabilities, albeit at a smaller scale, says Nicholas Weaver.<\/p>\n<p>Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley who focuses on network surveillance and security issues, developed a little hobby after the Snowden leaks in 2013: to <a href=\"https:\/\/www.lawfareblog.com\/contempt-bulk-surveillance-its-too-easy\">build a bulk surveillance system in miniature<\/a> that would be capable of performing all the primary tasks of an NSA spy system\u2014but on a small, 100 Mbps-size network. Those capabilities had to include bulk data collection, search functionality, the ability to track cookies and identify anonymous users, a method for injecting malware into a surveillance target\u2019s computer for more directed surveillance, and a friendly web interface. Luckily, Weaver realized, he already had off-the-shelf equipment that met the criteria.<\/p>\n<p>\u201cWhen the Snowden stuff came out, I looked at the documents and said, \u2018Hey they\u2019re doing what I do. It\u2019s literally the same [as the security research] I\u2019ve been doing for a decade,&#8217;\u201d Weaver told WIRED.<\/p>\n<p>Speaking to WIRED in advance of a presentation he\u2019s giving today about his system at the <a href=\"https:\/\/www.usenix.org\/conference\/enigma2016\">Enigma security conference<\/a> in San Francisco, he described the components needed to emulate the spy agency.<\/p>\n<h3>Surveillance Tech Is \u2018Banal and Basic\u2019<\/h3>\n<p>Although the US intelligence community likes to operate under the notion that its systems are NOBUS (Nobody But Us), meaning its technologies are unique to the United States, Weaver says the reality is the opposite when it comes to surveillance technology. 
\u201cIt\u2019s very banal and very basic, it\u2019s very well-understood technology, and \u2026 there\u2019s really nothing new,\u201d he says.<\/p>\n<p>The NSA\u2019s super-secret surveillance system, in fact, works very much the way off-the-shelf intrusion detection systems (IDS) function: With these systems, when a data packet arrives at a network, a high-volume filter separates garbage traffic from the important traffic and passes the latter to a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Load_balancing_(computing)\">load balancer<\/a>, which distributes data to a number of servers. In this case, it distributes the data to network intrusion detection nodes or devices. The IDS nodes then parse the traffic to determine if it\u2019s benign or malicious and make decisions about what to do based on those conclusions, such as blocking the traffic if it\u2019s malicious and issuing an alert to administrators.<\/p>\n<h3>DIY Surveillance<\/h3>\n<p>Following the same general design, Weaver developed a home-grown surveillance system that took less than a week to construct. To approximate a filter and load balancer, he used <a href=\"http:\/\/www.networkworld.com\/article\/2202144\/data-center\/faq--what-is-openflow-and-why-is-it-needed-.html\">OpenFlow<\/a>, a protocol for managing and directing traffic among routers and switches on a network. For his intrusion detection system, he used the <a href=\"https:\/\/www.bro.org\/\">Bro Network Security Monitor<\/a>, an open-source framework developed by Vern Paxson, a fellow computer scientist at UC Berkeley. 
He had to write scripts to do things like extract the cookies in web traffic and parse out usernames from traffic, but this was minimal work.<\/p>\n<p>Those looking to do more robust backbone monitoring and data parsing like the NSA does could opt instead for <a href=\"https:\/\/www.vortexsystems.us\">Vortex<\/a>, an IDS <a href=\"https:\/\/github.com\/lmco\">that the US defense contractor Lockheed Martin<\/a> developed and released for free on GitHub. Weaver thinks, in fact, that the NSA\u2019s XKEYSCORE system probably began its life as Lockheed Martin\u2019s Vortex, based on XKEYSCORE system features described in the Snowden documents.<\/p>\n<p>Read the Original Article at <strong><a href=\"http:\/\/www.wired.com\/2016\/01\/how-to-make-your-own-nsa-bulk-surveillance-system\/?mbid=nl_12716\">Wired<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>OF ALL THE NSA surveillance documents Edward Snowden leaked, some of the most important exposed the spy agency\u2019s so-called XKEYSCORE program, a massive system for vacuuming up and sifting through emails, chats, images, online search activity, usernames and passwords, and other private digital data from core fiber optics cables around the world. 
XKEYSCORE, which the&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[2805,2122,1317,4126,883,1814,65,3712],"tags":[4125,4127,4128,183,4129,1839,1805],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/11160"}],"collection":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/comments?post=11160"}],"version-history":[{"count":0,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/11160\/revisions"}],"wp:attachment":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/media?parent=11160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/categories?post=11160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/tags?post=11160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}