《美国国家安全局RAMPARTA项目基本情况.doc》由会员分享,可在线阅读,更多相关《美国国家安全局RAMPARTA项目基本情况.doc(8页珍藏版)》请在三一办公上搜索。
1、重要性An excerpt from the US Intelligence ?Black Budget? detailing the ?Foreign Partner Access Project? provides insight into how important RAMPART-A is to the US government. In 2011, the NSA spent a total of $91 million on foreign cable access programs, out of which RAMPART-A accounted for $76.55 mill
2、ion, or 84 per cent. Second party cable access programs, codenamed WINDSTOP, make up the rest. The fiscal year 2013 requested spending for RAMPART-A was down to $46.2 million but still accounts for 82 per cent of the total requested spending on foreign access projects. The efforts pay off. According
3、 to a 2010 briefing intelligence collected via RAMPART-A was used across all NSA Analysis and Production centers, and yielded over 9000 intelligence reports the previous year, out of which half was based solely on intelligence intercepted through 截获数据量The ?Black Budget? also provides details about t
4、he volume of data collected by the NSA via third party cable taps. The introductory project description states that ?RAMPART-A has access to over 3 Terabits per second of data streaming world-wide?. According to analysis provided by TeleGeography this was more than five times the average internation
5、al traffic from Denmark in 2013, or 362 million ordinary CD-ROMs if stored on a daily basis.基本配置The most recent SSO overview lists thirteen secret RAMPART-A sites out of which nine were active in April 2013. One site only provided metadata. The three largest sites - codenamed AZUREPHOENIX, SPINNERET
6、 and MOONLIGHTPATH, the locations of which are unknown - tap a total of seventy different cables or networks and figure in several documents among the NSAs most productive sources. The large amount of RAMPART-A cable taps, according to the leaked documents, gives access to ?international communicati
7、ons from anywhere around the world?, and ?all communications technologies? including ?Digital Network Intelligence, voice, fax, telex, e-mail, internet chat, VPN and VoIP communications?.Five sites, 4 with a Trusted 3rd Party Partner US-3127/AZUREPHOENIX US-3145/MOONLIGHTPATH US-3180/SPINNERET US-32
8、37/SMOKYSINK US-3190/FIREBIRD合作伙伴It has already been widely reported that the NSA works closely with eavesdropping agencies in the United Kingdom, Canada, New Zealand, and Australia as part of the so-called Five Eyes surveillance alliance. But the latest Snowden documents show that a number of other
9、 countries, described by the NSA as “third-party partners,” are playing an increasingly important role by secretly allowing the NSA to install surveillance equipment on their fiber-optic cables.What the reports on both websites didnt mention is that RAMPART-A is apparently focussed on collecting inf
10、ormation about Russia, the Middle East and North Africa. This comes fromDer NSA Komplex, a book about the Snowden-revelations written by two journalists from Der Spiegel. Unfortunately this book, which is much more informative than the one by Glenn Greenwald, is only available in German.Besides 3rd
11、Party partners giving access to cables in their own country, theres also a construction in which such a partner agency cooperates with yet another country that secretly provides access to data traffic, which is also shared with NSA. In recent years, BND and NSA conducted about half a dozen of such o
12、perations, three of which are mentioned inDer NSA Komplex:-Tiamat(access to high-level international targets under risky circumstances. This operation had ended before 2013)*-Hermos(in the Spring of 2012, BND got access to communication cables in a crisis zone country, but this operation had to be t
13、erminated by the end of the year when the situation almost went out of control)*-Wharpdrive(this operation was still active in 2013, but in the Spring of that year, employees of the private company that operates the communication cables, accidently discovered the clandestine BND/NSA equipment, but t
14、he operation was rescued by providing a plausible cover story)*监听地点 The best kept secret is the actual location where the BND tapping point was. Sddeutsche Zeitungreportsthat in the original documents the name of the provider is blacked out, but that according to insiders, it must have beenDeutsche
15、Telekomthat assisted BND. The paper even says both parties signed an agreement in which the provider earned a payment of 6.000,- euros a month in return for the access.This seems to correspond with a report broadcasted by the German television magazineFrontal 21in July last year, saying that BND had
16、 access to the Frankfurt internet exchange through its own cable since 2009. According to an insider, this cable access was under the cover of a major German telecom provider, and it was speculated this was Deutsche Telekom.But assomepeoplenoticed, Deutsche Telekom wasnotconnected to DE-CIX when ope
17、ration Eikonal took place. In 2008, the actual routers and switches of DE-CIX were situated in10data centers fromInterXion, TeleCity, Equinix, Level 3, ITENOS and e-shelter. Since 2008, the distributed DE-CIX switches areinterconnectedthrough the priva|nex private fiber-optic network from euNetworks
18、.Maybe before 2008 the DE-CIX switches were connected by fiber cables from Deutsche Telekom, but if not, there seems to be no way this company could have provided the BND access to the Frankfurt internet exchange. If the 6000,- euro contract really involved Deutsche Telekom, thenmaybefor the rent of
19、 a private cable from the tapping point to a BND site.In response to earlier media reports, the DE-CIX management put out apress releaseon June 26, 2014 saying:We exclude that any foreign or domestic secret service had access to our internet exchange and the connected fiber-optic networks during the
20、 period of 2004 - 2007. It was added that DE-CIX itself doesnt operate any data centers, nor stores or processes data on its own.This statement only speaks about the past, so it doesnt contradict the fact that the BND was recentlyauthorizedto intercept the communications from 25 internet service pro
21、viders (ISPs), with their cables being tapped at the DE-CIX internet exchange, as was reported by Der Spiegel on October 6, 2013. A letter containing this authorisation was sent to the Association of the German Internet Industry, which is the owner of the company that operates the Frankfurt internet
22、 exchange.Among these 25 providers there are foreign companies from Russia, Central Asia, the Middle East and North Africa, but also 6 German providers: 1&1, Freenet, Strato AG, QSC, Lambdanet and Plusserver, who almost exclusively handle domestic traffic.However,Strato AGsaid they would never agree
23、 with such a wiretapping order and1&1declared they never received a letter from BND and suggests that if theres any interception this may take place in cooperation with DE-CIX Management GmbH, the organisation that operates the Frankfurt internet exchange.This would mean that currently BND isnt tapp
24、ing the whole internet exchange, but only the cables from selected providers, which is of course much more efficient. Tapping the whole exchange would probably also exceed BNDs technical capabilities, as nowadays DE-CIX connects some 550 ISPs from more than 55 countries (includingNorth Korea), inclu
25、ding broadband providers, content delivery networks, web hosters, and incumbent operators.If thats the case, then the actual interception could take place at DE-CIX systems, maybe at the core fiber network or the core switch. This means, BND only needs the cooperation of the DE-CIX management and th
26、e indivual providers can honestly deny that their cables are being intercepted.According to Der Spiegel, the BND copies the data stream and then searches it using keywords related to terrorism and weapon proliferation. A BND spokesmanassuredthe Wall Street Journal in October last year that purely do
27、mestic German traffic is neither gathered nor stored.Simplified structure of the Internet, showing how Tier 1, Tier 2 and Tier 3 providerstransit data traffic in a hierarchial way and how Tier 2 providers exchangetraffic directly through peering at an Internet eXchange Point (IXP)(diagram: Wikimedia
28、 Commons - click to enlarge)In august last year, a spokesman from the DE-CIX managementsaidthat he couldnt rule out that some providers connected to the exchange would allow interception on their equipment when ordered so by their national governments.This points to for exampleLevel 3, a US company
29、that has a data center which houses some DE-CIX routers. But if Level 3 would have provided access to DE-CIX, then there was no need for NSA to cooperate with BND. Also, on August 1, 2013, Level 3 gave out apress releasesaying that the company had not given any foreign government access to its netwo
30、rks in Germany in order to conduct surveillance. See also:NSA also has arrangements with foreign internet providersConclusionAlthough we have no positive confirmation that Eikonal was part of the RAMPART-A program, this German operation perfectly fits the way in which foreign parters of NSA get acce
31、ss to important internet cables and switches and share the results with their American counterparts. In this case, NSA apparently cooperated with BND in order to get access to communications from Russia and probably also from the Middle East and North Africa that traveled through Germany.The best ke
32、pt secret is how and where such interception takes place, and we have seen that tapping the Frankfurt internet exchange DE-CIX is far more complex than it seems. This makes it difficult to pinpoint the taps, but by combining earlier press reports with the structure of the DE-CIX exchange, it seems u
33、nlikely that Deutsche Telekom was involved.Update #1:Because of the confusion about the role of Deutsche Telekom in operation Eikonal, the parliamentary investigation committee has decided to alsoinvestigatewhether this company assisted BND in tapping the Frankfurt internet exchange or not. As an al
34、ternative option its suggested that Deutsche Telekom might have just given access to its own Frankfurt backbone switch, instead of to DE-CIX - this would better fit NSAs description of what is intercepted under RAMPART-A: International Gateway Switches; End-Point GSM Switches; Leased Internet Circui
35、ts; Internet Backbone Routers.Update #2:During hearings of BND officials by the Germanparliamentary committeeinvestigating NSA spying, it became clear that operation Eikonal was indeed tapping into just one fiber-optic cable from Deutsche Telekom, and not into the Frankfurt internet exchange DE-CIX. This wasconfirmedby German media on December 4, 2014.
