This story is over 5 years old.

How to Hack the Backbone of the Internet

It involves stealing light.

The latest leak from Edward Snowden confirmed what many people already suspected and feared: government snoops are tapping into the communication links between Google and Yahoo's data centers around the globe, giving them free access to the troves of personal data that circulate through the internet every day.

The NSA, along with UK spy agency GCHQ, copies millions of internet records a day, including content (emails, messages, chats) and metadata (your personal information), the Washington Post reported yesterday. The operation, code-named Muscular, was revealed to be so extensive that we at Motherboard felt compelled to ask what's left that the NSA hasn't yet hacked into.

But let's put aside for a moment the surveillance program’s startling scale, questionable legality, and obvious privacy violations, and take a look at what the latest details tell us about the physical, tangible infrastructure of the internet. Exactly how does one manage to hack into the web?

The backbone of the internet is made up of hundreds of underwater fiber-optic cables that stretch for thousands of miles across the ocean. The cables shoot information around the networked world at super-high speeds, up to 19 terabits per second—nearly the speed of light. In fact, light is exactly what’s being transmitted. Fiber-optic cables work by converting electrical signals into waves of light, and then back again at the other end.

It's pretty nuts when you stop to think about it. The 21st century global economy is being built on strands of glass the size of a garden hose, resting on the ocean floor. And we've known for years that these cables can be hacked and are vulnerable to breaks—if, say, a ship drops anchor in the wrong place, or a natural disaster ruptures the cable.

Google and Yahoo have massive data centers around the globe that are connected via these fiber-optic cables—many of which the companies either own or privately lease to assure (or so they thought) a secure route for their internet traffic. Now it seems the NSA is taking advantage of the inherent weakness in the web's infrastructure.

All Things D explains further: "The fundamental problem with fiber optic cables derives from the fact that light waves weaken over distance, so the signals have to be boosted or “regenerated” along the way. In fact, it’s required every 50 miles or so. This regeneration equipment is placed along the lines, whether they’re under the sea or on land, and provide natural places where some of these collection points might be."

The documents published yesterday didn’t disclose exactly where US intelligence taps into the tech giants’ private networks, only that it’s outside the US, where there are fewer restrictions and less oversight—e.g., the NSA doesn’t have to worry about breaking the law. The documents do imply that the interception points are chosen strategically to exploit weaknesses in Google's encryption.

The highlight of the NSA’s PowerPoint presentation is a hand-drawn slide of two circles that shows where the public internet meets Google's private cloud. That meeting point is a prime spot for the NSA to intercept traffic, because encryption is “added and removed here!” as the slide states, with a smiley face no less.

There's still a lot we don't know about how the Muscular operation works, but we do know how fiber optic cables have been tapped in the past. US submarines have been used to access and intercept the cables, but it’s much easier to tap the transatlantic cables at the point where they come ashore. The UK is Europe’s biggest hub for these coastal landing points—and sure enough, this July another leak from Snowden revealed that the UK spy agency was siphoning user data at these landing points and sharing it with the NSA.

According to that report, published in the Guardian, the data siphoning occurs while the signal is in light form. Small devices, referred to as “intercept probes,” capture the light being sent through the cable, bounce it around through a prism, and copy it. The process is subtle enough that the internet traffic flow isn’t disrupted, and there’s no sign that the cable’s been tapped.

The copied data is sent to be processed at the NSA data center at Ft. Meade, where it’s analyzed for some 40,000 supposedly terrorism-related search terms. And now, with backdoor access to Google and Yahoo’s networks, the agency is copying and collecting more data than it knows what to do with.