The year the NSA hacked the world: A 2013 PRISM timeline (Part II)

Missed Part I of our NSA saga timeline? Check it out here.

When June 2013 came to a close, the world was just coming to terms with the revelations of widespread and unaccountable spying by the American National Security Agency (NSA) revealed by whistleblower Edward Snowden. Mass gathering of metadata, recording of phonecalls, spying on civilian populations: at first, it seemed as if this would be a good old fashioned unaccountable-spy-agency-against-the-people kind of story. But it would soon become apparent that the rot went much further than that.

4 July

Liberté, égalité, espionage? Before long, other European countries were dragged into the spying fracas, with French daily newspaper Le Monde revealing that France's Directorate-General for External Security had been intercepting and storing almost every telephone and Internet communications within France for years - in direct violation of French law. And sharing it with the NSA, of course.

6 July

Brazil was next to feel the violation of NSA prying. An article co-authored by journalist Glenn Greenwald in the Brazilian daily O Globo revealed how the NSA had been using the "Fairview" program to gain access to the Internet and telephone data of Brazilian citizens through foreign telecoms' partnerships with American companies. Not great news for trust in American business!

9 July

Then it became clear that the NSA had in fact been listening in to calls in Latin American countries. While many of the topics of surveillance were security-related - arms sales in Venezuela and guerillas in Peru, for instance - the agency also sought information on oil, energy and trade policies, according to Al-Jazeera.

12 July

Snowden met with Russian rights groups at Sheremetyevo International Airport in Moscow to ask for "assistance in requesting guarantees of safe passage from the relevant nations in securing ... travel to Latin America."

Snowden also revealed that he was "requesting asylum in Russia until such time as these states accede to law and ... legal travel is permitted."

The ex-contractor and mega-whistleblower also gave a number of interviews over the next few days, explaining his cause, and giving a little extra background on the information he'd revealed.

20 July

Then it was Germany's turn to be ashamed. Der Spiegel revesals that Germany's Federal Intelligence Service (Bundesnachrichtendienst, or BND) and Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz, or BfV) contribute to the NSA's data collection network.

31 July

Anyone shocked by the NSA's Prism programme had to hold onto their hats pretty hard as July came to a close: The NSA also operates another system, called XKeyscore, which gives the US intelligence community (and probably most of the Western allies of the US) full access to your email, IMs, browsing history, and social media activity.

To view almost everything that you do online, an NSA analyst simply has to enter your email or IP address into XKeystore. No formal authorisation or warrant is required; the analyst just has to type in a "justification" and press Enter.

To provide such functionality, the NSA collects, in its own words, "nearly everything a typical user does on the Internet." Perhaps most importantly, though, it appears that HTTPS and SSL encryption protocols might have been less than useless in preventing the NSA from listening in.

1 August

After 39 days, Edward Snowden is finally allowed to leave Sheremetyevo International Airport in Moscow, when his asylum request is granted by Russian authorities.

"Over the past eight weeks we have seen the Obama administration show no respect for international or domestic law," Snowden is reported to have said upon receiving his one-year asylum certificate.

1 August was also the day it turned out that not only was the UK government more than a little involved in the PRISM scandal, but that the US intelligence agencies were actually significantly bankrolling the expansion of the GCHQ to the tune of at least $155 million between 2010 and 2013.

2 August

Revelations in Brazilian new magazine Época revealed how the NSA had used spying to give American diplomats the upper hand in negotiations over sanctions against Iran in 2009, a vote that it narrowly won. So PRISM was just designed to catch terrorists, huh?

8 August

Lavabit, a secure email service used by Edward Snowden, shut down in dramatic fashion after founder and operator Ladar Levison was forced by Federal Agents to disclose the information of his users. While Lavabit used secure encryption techniques, its weakness lay in the fact that Levison himself had access to the encryption keys, and could therefore be ordered by secret courts to hand them over.

At one point, Levison handed the court a key printed in illegible 4-point type as a means of buying himself some time, but in the end he closed down the service, leaving 30,000 users in the lurch.

15 August

One of the documents leaked by Edward Snowden was an internal audit by the NSA, in which they noted that it had broken American privacy laws as well as their own internal rules, and spied on US citizens thousands of times by mistake. One of the most serious oversights was in 2008 when a "large number" of calls made from Washington were intercepted when a programme confused the state code 202 for the international dialling code of Egypt, +22. This was not reported to oversight staff.

At this point a more sinister picture was emerging: an out-of-control security agency that not only flagrantly and knowingly broke laws when they deemed necessary, but also did so regularly by mistake.

20 August

Things got dramatic, as David Miranda, the partner of Guardian journalist Glenn Greenwald, was detained and had his electronic devices seized at Heathrow after a 9 hour detention.

At the same time, Guardian editor Alan Rusbridger revealed how GCHQ intelligence agents raided the newspaper's offices and smashed up hard drives that contained copies of Snowden's documents.

The raid had been prefigured, Rusbridger said, by a sinister caution: "You've had your debate. There's no need to write any more."

21 August

It soon emerged that NSA surveillance covered just about three quarters of all Internet traffic anywhere in the world. This was much higher than had been previously disclosed, and it means that although the systems were designed to search for communications which originate or end abroad, or are entirely foreign but pass through domestic servers, the filter's far reach means that domestic communications were often intercepted.

26 August

In a strange twist to the tale, the Independent then published a document about the UK's spying centre in the Middle East, which passed data directly to the NSA. However, Edward Snowden insisted he had no contact with the Independent, and Guardian journalist Glenn Greenwald wrote a fiery response, accusing the UK government of "leaking documents about itself" in order to strengthen their accusations of Snowden's leaks damaging national security.

2 September

Before long, it emerged that the NSA had used a "man-in-the-middle" attack to spy on private computer networks belonging to Google, Brazilian oil company Petrobras, the French Ministry of Foreign Affairs and the Society for Worldwide Interbank Financial Telecommunication (SWIFT), against a 2010 agreement with the European Union (EU).

This is despite earlier claims that the NSA doesn't engage in corporate espionage, or spy on private companies. What a surprise!

5 September

Then it came out that the NSA and GCHQ are able to break the majority of the world's online encryption, and security. They achieve this through a combination of partnerships with Internet companies, influencing encryption standards and "brute force" exerted via supercomputers.

It turns out that many of the supposedly secure and encrypted services used to protect private information, including email, medical records and online banking, are in fact open to the agencies through backdoors that have been placed in the encryptions.

9 September

Thought at least the data on your phone was safe? Well think again: as September wore on, it emerged that the agency can allegedly access contacts, caller histories, and SMS messages (to name a few) on iPhones, BlackBerry, and Android smartphones.

A new compression method for BlackBerry data temporarily stymied the NSA's efforts until March 2010, when Britain's GCHQ managed to break back in once again and regain the ability to read users' SMS messages.

"It is not for us to comment on media reports regarding alleged government surveillance of telecommunications traffic," said a BlackBerry representative.

20 September

Another article in German daily Der Spiegel shows that GCHQ used malware targeted at company employees to compromise networks belonging to the Belgian telecom company Belgacom.

The agency's goal was apparently to gain access to a major data hub that would allow it to intercept even more smart phone data using man-in-the-middle attacks.

28 September

The New York Times reported that the NSA uses Americans' data — including phone and email metadata, as well as information from social media and financial transactions — to create maps of targets' social connections.

14 October

The Washington Post reported that the agency is systematically harvesting contact lists from email accounts, instant messaging, and social networks from around the world, including those of Americans.

According to recent disclosures, the agency is attempting to draw up a graph detailing all the connections existing between American citizens, and could be used to build a detailed picture of any one person's social contacts, locations and close friends.

To be continued...

As we drew towards the end of October, most people thought that the worst of the NSA revelations must have already been disclosed. Surely, people thought, it can't get any worse than this?

That was until the presidents of US allies began to feel what it was like to have the NSA snooping through their data...

Read the next instalment of our PRISM timeline.

404

Sorry! Page not found.

The article you requested has either been moved or removed from the site.