If you wipe the dust off your memories, you might remember the Edward Snowden leaks, the ones that defamed the National Security Agency by revealing its surveillance secrets in 2013.
Now a document from the Edward Snowden leaks, released by The Intercept, exposes another unsurprising thing about the spying activities conducted by the NSA. While people vaguely realized that their P2P activities could be monitored, the document reveals that the NSA’s dreams of penetrating P2P file-sharing networks did come true.
P2P networks are in the crosshairs of the authorities in many countries, Germany among them. Because peers’ IP addresses are public, anyone can tell which connection is sharing copyrighted content. However, it would be much more serious if the authorities could access your computer through those networks. Yes, that was the NSA.
In the early years of P2P, users did not assume that they could be monitored, spied on, or even hacked through these networks. Unfortunately, these exchange networks operated totally in the open. Files were exchanged through shared folders, through which anyone could see what another user was sharing.
Among the first popular file-sharing programs were KaZaA (which used the FastTrack network) and eDonkey2000 (eD2k network). They shared mostly music (movies could take days to download), which the record industry did not like. From there the industry began to file lawsuits against users who shared content on P2P networks, demonstrating that users were being watched and that what they were doing on the network was not secret.
“By searching our collection databases, it is clear that many targets are using popular file-sharing applications,” a researcher belonging to the FAVA (File-Sharing Analysis and Vulnerability Assessment) group wrote in an article published on SIDToday almost 12 years ago.
“But if they are merely sharing the latest release of their favorite pop star, this traffic is of dubious value (no offense to Britney Spears intended).”
Peeking into early file-sharing networks, including software like Kazaa (FastTrack) and eDonkey, required decoding the protocols used and, where necessary, cracking the encryption in between. The NSA did so for a couple of them.
“We have developed the capability to decrypt and decode both Kazaa and eDonkey traffic to determine which files are being shared, and what queries are being performed,” a researcher wrote.
The agency could access Kazaa’s data like “email-addresses, country codes, user names, location of the downloaded files, and a list of recent searches – encrypted of course,” reads the article.
KaZaA went out of service in 2012, but eDonkey survives with the same vulnerable encryption it had in 2004. However, the service isn’t as popular as it once was. And security was never a goal for eDonkey’s encryption, a representative told The Intercept.
There were other file-sharing networks on FAVA Pod’s radar as well, including Freenet, DirectConnect, Gnutella, Gnutella2, JoltD, MSN Messenger, Windows Messenger, and BitTorrent.
“In 2004, BitTorrent traffic was responsible for two-thirds of all traffic on the internet, and BitTorrent wasn’t even the most popular peer-to-peer file-sharing tool,” according to the released document.
The entry of BitTorrent in the file-sharing space was a little later than Kazaa and eDonkey, but it seems that the agency didn’t want to leave any stone unturned.
The Intercept, citing a classified presentation (dated 2007), reported that the NSA created a separate program called GRIMPLATE to monitor BitTorrent activities.
The program was aimed at employees of the Department of Defense. “BitTorrent sessions are seen on a daily basis between NIPRnet hosts and adversary space [like China and Russia],” stated the document for GRIMPLATE.
NIPRnet is a DOD network used to share sensitive and classified information. The aim of the program was to check that nothing malicious was being transferred.
According to another document released by the publication, by 2010 the British spy agency GCHQ was also showing interest in monitoring P2P networks through a web application called DIRTY RAT.
You can find the SIDToday documents published by The Intercept here.