Since Edward Snowden began releasing sensitive NSA documents last year, we've learned a lot about the great and sometimes scary lengths the government will go to get information it wants. Now, a new document out, reportedly also from Snowden, details the way the NSA may have inserted spies into companies in the U.S. and around the globe, so it could gain access to private networks and gadgets.
The agency’s core secrets are outlined in a 13-page “brief sheet” about Sentry Eagle, an umbrella term that the NSA used to encompass its most sensitive programs “to protect America’s cyberspace.”
The document doesn't say whether the NSA has spies working at the companies or if the agents managed to get in by posing as someone else, like a contractor or customer. It's no surprise that the NSA is using these tactics in China, but the leak also shows that the U.S. government has agents working in Germany and South Korea, which are our allies. Even more surprising are the references the document makes to agents working within U.S. companies!
The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used “under cover” operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms.
But, spies aren't the only tool the NSA is using to crack into communications in this country and around the world. There are also companies out there that are knowingly working with the agency to make communications vulnerable.
The new leak also shows that the NSA has worked with companies to weaken encryption so that the agency can more easily access communication info.
The description of Sentry Raven, which focuses on encryption, provides additional confirmation that American companies have helped the NSA by secretly weakening encryption products to make them vulnerable to the agency. The briefing sheet states the NSA “works with specific U.S. commercial entities … to modify U.S. manufactured encryption systems to make them exploitable for SIGINT.”
SIGINT stands for signals intelligence. That's a basic terms for the NSA's efforts to collect information like emails, texts, photos and phone records. The NSA has also worked with foreign companies for similar purposes.
The document doesn't say which companies have cooperated with the NSA to weaken encryption, so we don't know exactly which networks and services are vulnerable.
Snowden recently participated in a virtual interview with The New Yorker and advised anyone who wants to preserve their privacy to stay away from services like Dropbox, Google and Facebook. He also said everyone should use an encrypted service like Signal or Redphone to send texts.