Documents leaked by Edward Snowden reveal the NSA and GCHQ hack into internal Google and Yahoo networks accessing huge volumes of data.
The NSA and UK's GCHQ have hacked into Google and Yahoo's cloud network, giving them bulk access to huge volumes of data. (Washington Post)
In the latest leaks to come from the cache of documents stolen by Edward Snowden, it has been revealed that the NSA and GCHQ have been accessing huge volumes of data flowing between the data centres belonging to Yahoo and Google.
One of the documents leaked by Snowden to the Washington Post, dated 9 January, 2013, says that in the previous 30 days over 181 million pieces of information had been processed by the NSA and GCHQ, under a specially devised programme called MUSCULAR.
Earlier this year it was revealed that the NSA was using a programme called PRSIM to legally access data held by a range of major US tech companies but this only allowed them to access data on targets they believed to be foreign nationals.
The latest leaks suggest that the NSA is using MUSCULAR to carry out bulk surveillance which would be illegal if carried out in the US. However the way MUSCULAR works, it taps into the fibre optic links between the various data centres which both Google and Yahoo operate around the world.
Looser restrictions on what the NSA can and can't do in relation to this information allows the NSA to assume that everyone using a foreign data link like this is a foreigner. It is unclear how much data belonging to US citizens may have been access using this programme.
In a statement, Google said it was "troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.
"We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links," the company said.
At Yahoo, a spokeswoman said: "We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency."
When Google or Yahoo customers use any of the companies' services, their emails, pictures, video etc are all stored in the a network of huge data centres around the world, known as the cloud.
To facilitate this set-up both companies operate numerous, geographically diverse data centres around the world with user data stored in multiple locations to improve reliability and performance. These data centres are connected using privately-owned fibre optic cables which don't share traffic with other internet users in order to keep information secure.
Until recently these links were not encrypted but in September Google announced it was moving to encrypt the connections while Yahoo's data centre links for now remain unencrypted.
Tapping into the Google and Yahoo clouds allows the NSA and GCHQ to intercept communications in real time and to take "a retrospective look at target activity," according to one internal NSA document.
Google and Yahoo were under the impression that their own internal data centre links were safe from prying eyes, but as the hand-drawn document at the top of this article shows, the NSA was able to identify where the "Google Cloud" connected with the "Public Internet" highlighting where encryption was added and removed.
The data which is collected from Google and Yahoo is directed by GCHQ into what is called a "buffer" which can hold three to five days worth of traffic. This traffic is then processed by specially designed tools which unpack the special data formats both companies use within their respective clouds.
An automated filter then picks out the information it deems important, throwning away the rest.
To contact the editor, e-mail: