MUSCULAR – Digital Citizenship and Surveillance Society

Purpose:

MUSCULAR , Washington Post, “Google Cloud Exploitation” slide.

MUSCULAR is a joint GCHQ and NSA programme that collects data travelling between internal data centres owned by Google and Yahoo. It achieves this by accessing the cables through which the companies’ internal network traffic passes. The programme is used to collect emails, documents, pictures, search queries and other data.

The programme relies on the telecommunications provider Level 3 to offer secret access to a fibre-optic cable at a point where Google and Yahoo traffic passes (NYT01). The access point, known as DS-200B, is located somewhere in the UK (WAH01).

MUSCULAR stores data for a three to five day period, during which GCHQ and NSA decode the proprietary data formats used by each company and extract information they want to keep (WAH02).

Capabilities:

Bulk collection from private networks
Bypassing encryption used on public networks
Decoding proprietary data formats

Data sources:

DS-200B, cable location owned by Level 3
Digital content from two major US companies

Related programmes:

WINDSTOP – NSA umbrella programme for bulk collection in partnership with “trusted second party” countries (UK, Canada, Australia and New Zealand). The programme targets “communications into and out of Europe and the Middle East” (ELE01).

Layers of operation:

Physical layer Tapping of fibre-optic cables.
Link layer, network layer and transport layer: Reconstruction of communication sessions.
Application layer: Extraction of content and metadata.

Background:

MUSCULAR is one of at least four similar “trusted second party programs” which together are known as WINDSTOP within the NSA (ELE01). This programme taps into the private leased fibre-optic cables that are used to connect the companies’ data centres across the globe (WAH02). These corporate internal networks have historically been unencrypted; however, both companies are beginning to encrypt their networks as a result of the MUSCULAR leak.

Company partners (NYT01):

Level 3: Provider of fibre-optic cables for Google

Sources:

Electrospaces (ELE)
1) http://electrospaces.blogspot.co.uk/2014/11/incenser-or-how-nsa-and-gchq-are.html

New York Times (NYT)
1) http://www.nytimes.com/2013/10/31/technology/nsa-is-mining-google-and-yahoo-abroad.html

Washington Post (WAH)
1) http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/04/how-we-know-the-nsa-had-access-to-internal-google-and-yahoo-cloud-data
2) http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html