Now, a part of the documents leaked by Edward Snowden, released by The Intercept, exposes another unsurprising thing about the spying activities conducted by the NSA. While people had vaguely realized that their P2P activities could be monitored, the document reveals that the NSA’s dreams of penetrating P2P file-sharing networks did come true.
The document was originally published in 2005 on NSA’s internal news site SIDToday; it outlines plans for analyzing P2P file-sharing traffic on the internet. It includes the formation of a research group called File-Sharing Analysis and Vulnerability Assessment (FAVA) Pod.
And it was not for the sake of the copyright holders, whose content was one reason such services proliferated; the security agency intended to harvest intelligence from the traffic.
“By searching our collection databases, it is clear that many targets are using popular file-sharing applications,” a researcher belonging to the group wrote in the article published on SIDToday almost 12 years ago.
“But if they are merely sharing the latest release of their favorite pop star, this traffic is of dubious value (no offense to Britney Spears intended).”
To peek into early file-sharing networks, including software like Kazaa (FastTrack) and eDonkey, the agency needed to decode the protocols used and, if required, crack the encryption in between. The NSA did so for a couple of them.
“We have developed the capability to decrypt and decode both Kazaa and eDonkey traffic to determine which files are being shared, and what queries are being performed,” a researcher wrote.
The agency could access Kazaa’s data like “email-addresses, country codes, user names, location of the downloaded files, and a list of recent searches – encrypted of course,” reads the article.
Kazaa went out of service in 2012, but eDonkey survives with the same vulnerable encryption it used in 2004. However, the service isn’t as popular as it once was. And security was never a goal for eDonkey’s encryption, a representative told The Intercept.
There were other file-sharing networks on FAVA Pod’s radar as well, including Freenet, DirectConnect, Gnutella, Gnutella2, JoltD, MSN Messenger, Windows Messenger, and BitTorrent.
“In 2004, BitTorrent traffic was responsible for two-thirds of all traffic on the internet, and BitTorrent wasn’t even the most popular peer-to-peer file-sharing tool,” according to the released document.
The entry of BitTorrent in the file-sharing space was a little later than Kazaa and eDonkey, but it seems that the agency didn’t want to leave any stone unturned.
The Intercept, citing a classified presentation (dated 2007), reported that the NSA created a separate program called GRIMPLATE to monitor BitTorrent activities.
It was for the employees of the Department of Defense. “BitTorrent sessions are seen on a daily basis between NIPRnet hosts and adversary space [like China and Russia],” stated the document for GRIMPLATE.
NIPRnet is a DOD network used to share sensitive and classified information. The motive of the program was to check that nothing malicious was being transferred.
According to another document released by the publication, by 2010, the British spy agency GCHQ was also showing interest in monitoring P2P networks through a web application called the DIRTY RAT.
You can find the SIDToday documents published by The Intercept here.