Reporters at the New York Times wrote this week that Level 3 Communications — the Colorado-based internet company that manages online traffic for much of North America, Latin America and Europe — is likely responsible for letting the NSA and its British counterpart silently collect troves of sensitive data from the biggest firms on the web.
Last month, top-secret leaked documents released to the media by former intelligence contractor, Edward Snowden, revealed efforts by the NSA to intercept web traffic going between data centers owned by big companies in an unencrypted state. A Washington Post report from late October attributes those Snowden leaks as saying that the NSA was receiving millions of records every day from internal Yahoo and Google networks and transferring that information to a facility at the agency’s Fort Meade, Maryland headquarters – all in spite of previously leaked documents which detailed how those companies and others had been providing the NSA with front-door access as part of the agency’s PRISM operation.
Nevertheless, the Post reported last month that “From undisclosed interception points, the NSA and the GCHQ are copying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants.” Data stored within those facilities is highly secure and encrypted, but not while in transit on cables primarily owned by Level 3.
Nearly one month later, an article published this Monday by Nicole Perlroth and John Markoff at the Times says those interception points could have been approved by Level 3, who owns the cable infrastructure that the majority of America’s web traffic travels through.
“People knowledgeable about Google and Yahoo’s infrastructure say they believe that government spies bypassed the big Internet companies and hit them at a weak spot — the fiber-optic cables that connect data centers around the world that are owned by companies like Verizon Communications, the BT Group, the Vodafone Group and Level 3 Communications,” Perlroth and Markoff wrote. “In particular, fingers have been pointed at Level 3, the world’s largest so-called Internet backbone provider, whose cables are used by Google and Yahoo.”
“It is impossible to say for certain how the NSA managed to get Google and Yahoo’s data without the companies’ knowledge,” the Times article continued, “But both companies, in response to concerns over those vulnerabilities, recently said they were now encrypting data that runs on the cables between their data centers.”
Through the NSA’s PRISM operation first disclosed by Mr Snowden in June, the government is alleged to have “upstream” access to data that non-US persons send through the servers of major internet companies, even compensating those firms in order to ensure they’re fully compliant with the feds’ requests. When word of a backdoor operation targeting those same PRISM-partners was disclosed last month, Google said at the time, “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”