Business, Economics and Jobs

NSA broke into Google, Yahoo clouds through project MUSCULAR: Washington Post


A visitor tries out a tablet computer next to a cloud computing and technology symbol at the Deutsche Telekom stand at the 2013 CeBIT technology trade fair on March 5, 2013 in Hanover, Germany.


Sean Gallup

The National Security Agency broke into secure networks owned by Google and Yahoo, which gave the US spy agency “back-door access” to hundreds of millions of private records, The Washington Post reported Wednesday.

The report, based on documents leaked by former NSA contractor Edward Snowden, said the NSA infiltrated links connecting data centers of the two web giants around the world, yielding more than 181 million records over a 30-day period earlier this year.

The records — some of which belonged to US citizens — included metadata, as well as text, audio and video, The Post said.

Codenamed MUSCULAR, the project suggests the NSA (alongside its British counterpart the GCHQ) has turned its attention to major American corporations.

The Post’s allegations caused concern and outrage inside Google. When the newspaper showed two engineers top-secret slides that outline how the NSA attacks Google’s Cloud, they “exploded in profanity,” The Post said.

MUSCULAR differs from the NSA program known as PRISM, because it doesn't use court orders to mine metadata, but attacks Google and Yahoo infrastructure without the companies knowing about it.

The practice would be illegal in the United States, but targeting Google infrastructure overseas falls outside American jurisdiction. 

More from GlobalPost: NSA chief calls reports on European phone data collection 'completely false'

When approached by The Post, Google said it was “troubled” by the findings.

“We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links,” the company said.

A Yahoo representative said “we have not given access to our data centers to the NSA or to any other government agency.”

On its website, Google trumpets its security, saying data centers employ the most stringent security.

“These buildings are guarded around the clock by trained personnel, and secured with protective measures such as heat-sensitive cameras,” the website says. “Strict authentication mechanisms, such as biometric verification, permit entry only to authorized personnel.”

The NSA responded to Wednesday's report in The Post with the following statement:

"The Washington Post's assertion that we use Executive Order 12333 collection to get around the limitations imposed by the Foreign Intelligence Surveillance Act and FAA 702 is not true. The assertion that we collect vast quantities of US persons' data from this type of collection is also not true."

"NSA is a foreign intelligence agency," the statement read. "And we're focused on discovering and developing intelligence about valid foreign intelligence targets only."

The latest report comes a day after NSA chief Gen. Keith Alexander told Congress the NSA operates within the guidelines of FISA and holds itself accountable for any violations. Testifying before a House committee, Alexander defended the NSA's action, saying he would rather "take the beating" than allow the lapse of any programs that would prevent the US from being attacked.

The embattled spy agency has faced growing criticism from abroad and increasingly from within the US over reports that it spied on the leaders and citizens of allies such as Germany, France and Spain.

More from GlobalPost: US might finally grasp seriousness of NSA spying