20 votes

How PRISM really works... (technical)

There's a great video chat about PRISM and how it works in the below link. In a nutshell, this is how PRISM operates.

In the spider web that is the internet, each connection point utilizes a router. The center of the multi-spider web consists of the more popular servers such as Google, AT&T, Yahoo and others.

While the data gets close to these servers, fiber optic cables are used because of the high bandwidth going in and out of them.

How does the NSA tap into Google and others? By setting up PRISMs, or light splitters on the fiber optics at routers as close to (but not inside) Google's own servers as possible. These light splitters route the light into rooms that collect the raw data just upstream of these popular destinations. Then they can divert that data for analysis through software on site, and then send it off to headquarters.

These routers and the companies secretly containing the secret server rooms are under order to keep quiet. Some whistleblowers have spoken out in the past, which is how we know of the technology today.

This is why all the major companies Snowden named can deny knowledge of PRISM, and why PRISM is not an acronym, but the light technology used to divert fiber optic communications. You can watch the show that explains in more detail below.

http://twit.tv/show/security-now/408

So are these corporations lying when they say they have no knowledge? Not really. The NSA would be smart not to tell them that the upstream router is tapping into them. Can switching from Google to Hushmail (or others) help? Not really, because if they are mass collecting data from even higher tiers (the backbone) of the internet - everything gets sucked up into a database.

Encryption over the internet and changing the laws are the only real tools anyone has it seems for personal privacy. And that would only last until computing power got good enough to decrypt that communication in the future.

You can find schematics of these splitters here: http://cryptome.org/klein-decl.htm
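One way a link owner could notice the kind of passive splitter the post describes, as an added example (not from the post or from the linked video): a splitter diverts part of the light, so the far end sees a permanent step down in received optical power (an ideal 50/50 split costs about 3 dB). The readings, window and threshold are constructed assumptions; the Rx-power figures stand in for what a transceiver's digital-diagnostics page reports.

```python
"""Flag a sudden, persistent drop in received optical power on a fiber link.

Added example, not from the original post. A passive splitter diverts part
of the light, so the far-end receiver sees a permanent step down in Rx power
(an ideal 50/50 split costs about 3 dB before excess loss). The readings,
window and threshold below are constructed assumptions.
"""
from math import log10
from statistics import median

# Constructed hourly Rx-power readings (dBm) as a transceiver's digital
# diagnostics would report them. Normal jitter is a few tenths of a dB;
# from index 6 onward the level steps down by about 3 dB and stays there.
RX_POWER_DBM = [-7.1, -7.0, -7.2, -7.1, -7.0, -7.1,
                -10.2, -10.1, -10.3, -10.2, -10.1, -10.2]


def through_path_loss_db(tap_fraction):
    """Ideal insertion loss on the through path when `tap_fraction` of the
    light is diverted: -10*log10(1 - f). A 50% tap costs ~3 dB, a 10% tap
    under 0.5 dB, which is why a small tap can hide inside normal jitter."""
    return -10 * log10(1 - tap_fraction)


def detect_step_drop(readings, window=3, min_drop_db=2.5):
    """Return (index, drop_db) of the first persistent step drop, else None.

    The median of `window` readings before a point is compared with every
    one of the `window` readings from that point on, so a single bad sample
    or a brief flap does not trigger; only a level shift that holds across
    the whole trailing window does.
    """
    for i in range(window, len(readings) - window + 1):
        before = median(readings[i - window:i])
        after = readings[i:i + window]
        if all(before - r >= min_drop_db for r in after):
            return i, round(before - median(after), 2)
    return None


if __name__ == "__main__":
    hit = detect_step_drop(RX_POWER_DBM)
    if hit:
        idx, drop = hit
        print(f"Rx power fell {drop} dB at sample {idx}; "
              f"check the loss budget and OTDR trace for a new event")
    for f in (0.5, 0.1):
        print(f"{int(f * 100)}% tap -> {through_path_loss_db(f):.2f} dB "
              f"through-path loss")
```

Transceivers that implement digital diagnostics expose the Rx-power value this script consumes; trending it per link is cheap compared with an OTDR sweep of every span.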





Thanks for the info!

Very interesting. I'd like to challenge one of your statements: "Encryption over the internet and changing the laws are the only real tools anyone has it seems for personal privacy."

I would say another excellent tool would be "enforce the laws we have."

These government criminals would all be behind bars or decomposing, and we'd be free again like in the 1800s.

I love you. I'm sorry. Please forgive me. Thank you.
http://fija.org - Fully Informed Jury Association
http://jsjinc.net - Jin Shin Jyutsu (energy healing)

mathematical modeling.. SCARY STUFF

I don't agree with everything this guy says; go to around 7:20 in the video.

http://www.ted.com/talks/daniel_suarez_the_kill_decision_sho...

All techs know what they're doing is really easy, but it's what they're doing with the data. I knew this one maths geek that worked for a bank, and he told me they do mathematical modeling on data to pick out fraud.

These guys are doing it in social media. Look at that map in this TED talk: they can pick out the LEADERS, IDEA MAKERS very accurately based on their social connections. For them to take over, all they have to do is in one night kill every one of these people to have an easily subdued population. Hitler did it, Stalin did it, hell, even Saddam Hussein did it (remember when he had all the politicians in one room and names were read out and they were led out of the room never to be seen again).

The funny thing is I was on the Ubuntu forums and came up with an idea about decentralized social media programs working similar to Bitcoin. All I got was criticism, and now when I looked at that page for alternatives there are many projects out there doing this. I actually felt good.

this technique isn't anything new or overly complicated

Not for a large organization. Mirroring traffic is common practice at many data centers, ISPs, web hosts, etc. It's one of the easiest, most inexpensive, and most unintrusive ways there is to monitor traffic for things such as DDOS attacks, etc. The scanning portion doesn't happen on live traffic. It happens on traffic that is mirrored to separate trunks. Customers who sign up for service agree to this. So there is mutual agreement. Not like what the NSA is doing. I am sure all the other IT oriented folks on DP (I know there are quite a few) will agree. And I am sure most of you IT folks have looked at a tcp dump or two and can see where most of the ddos attacks are coming from.


ITS WAYYYY EASIER THAN THIS!

This post cracks me up. I run a small ISP. I've been in the largest telco rooms in the world. Monitoring data is child's play. I do it in my own facility; I know they do it too. I run a high end IDS/IPS and I can see all packets over the past 20-30 days. I can look at files transferred, data, emails, anything. It's very easy even for my $20,000 piece of hardware. I imagine they have billions to play with.

So the NSA works directly with the major telcos. AT&T, SPRINT, LEVEL 3... all the Tier 1s.

http://en.wikipedia.org/wiki/Tier_1_network

There's something called "Port Mirror"; it's on pretty much every switch or router sold today. All they gotta do is run a collector on a mirror of any port they want.

We are talking huge pipes, but the NSA can have private lines contracted on any ports they want, it's a config change in the router and is super easy. And I'm willing to bet most technicians wouldn't even know they are setting it up.

-----
A great empire, like a great cake, is most easily diminished at the edges. - Ben Franklin

+1

.

Are we talking on the router

Are we talking on the router firmware level?
Or hardware level?
Would a custom router firmware negate this ability?


What I mean is techs would

What I mean is techs would have little idea this is going on. Only the people who configure the routers at HQ would really know, and even then, they can just be told to do something and not know it wasn't a customer request.

For example let's say Level 3 is an upstream provider for Google.

Pretend Google has a 10GB/sec pipe to Level 3 over Fiber connecting on port 5 of Level 3's equipment.

Port 6 let's say is empty waiting for another customer.

Management says: hook up Jones & Co (fictitious customer) to port 6 of the router.

Back at HQ, some "secret clearance" technician just starts mirroring traffic of port 5 to port 6. Simple as pie. Every router does this.

Very few people would know where that connection really goes, there's usually 40,000 strands of fiber in a central office, you aren't going to know where they go.

-----
A great empire, like a great cake, is most easily diminished at the edges. - Ben Franklin
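The port-5-to-port-6 mirror the comment above describes, written up from the defender's side as a config audit. This is an added example, not the poster's or any vendor's code; it assumes Cisco IOS-style `monitor session` syntax, a constructed config fragment, and a hypothetical change-control list of sanctioned sessions.

```python
"""Audit a switch running-config for port-mirror (SPAN) sessions.

Added example, not code from the poster or from any vendor. It assumes
Cisco IOS-style syntax ("monitor session N source interface ..." /
"monitor session N destination interface ...") and a constructed sample
config; the set of approved sessions is a hypothetical change-control record.
"""
import re
from collections import defaultdict

# Constructed sample running-config fragment (not from a real device).
SAMPLE_CONFIG = """
interface TenGigabitEthernet1/5
 description Customer A uplink
interface TenGigabitEthernet1/6
 description Jones & Co (pending turn-up)
monitor session 1 source interface TenGigabitEthernet1/5 both
monitor session 1 destination interface TenGigabitEthernet1/6
monitor session 7 source interface TenGigabitEthernet1/1 rx
monitor session 7 destination interface TenGigabitEthernet1/48
"""

# Hypothetical change-control record: mirror sessions the operator approved
# (e.g. session 7 feeds the in-house IDS on port 48).
APPROVED_SESSIONS = {7}

SESSION_RE = re.compile(
    r"^monitor session (\d+) (source|destination) interface (\S+)(?: (rx|tx|both))?$"
)


def parse_monitor_sessions(config):
    """Return {session_id: {"source": [(iface, dir)], "destination": [(iface, None)]}}."""
    sessions = defaultdict(lambda: {"source": [], "destination": []})
    for line in config.splitlines():
        m = SESSION_RE.match(line.strip())
        if m:
            sid, role, iface, direction = m.groups()
            sessions[int(sid)][role].append((iface, direction))
    return dict(sessions)


def find_unapproved(config, approved):
    """List complete mirror sessions (source and destination) not in the change record."""
    findings = []
    for sid, s in sorted(parse_monitor_sessions(config).items()):
        if sid in approved or not s["source"] or not s["destination"]:
            continue
        srcs = ", ".join(f"{i} ({d or 'both'})" for i, d in s["source"])
        dsts = ", ".join(i for i, _ in s["destination"])
        findings.append(f"session {sid}: {srcs} -> {dsts} is not in the change record")
    return findings


if __name__ == "__main__":
    for finding in find_unapproved(SAMPLE_CONFIG, APPROVED_SESSIONS):
        print("WARNING", finding)
```

Running this against periodic config backups (or diffing them) turns "a config change in the router" into an event someone has to explain, which is the control the comment says is missing.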

I guess making all

I guess making all communication gibberish to everyone but the intended target is the only way to go, I guess, or a new innovation in defensive security.

I am foreseeing a major encryption war in the not too distant future... well, unless we nip this tyrannical tool in the so-called bud.

Thanks for expanding my mind, my friend :)

You are a diamond my friend,

You are a diamond my friend. You can't fight something if you don't understand it; that is why you are a diamond, and that is why they classify everything.

I wonder if broadband over copper wires is transferred over fibre optics. I suppose it must be, for the speed benefit.

Just wondering if there are forms of communication out there that don't use fibre optics, assuming they've not been bugged already.

I imagine so. So given that, would it not be pointless now that the "terrorists" know what to avoid, or are they after something else entirely, that kind of power, and the type of folks up there in bullshit mountain?

Well gosh darnit, I think we all have a duty to tell the "terrorists" exactly how the US spies on them, methods, details, as well as informing the people... make them "unwittingly" admit that there is more to wanting this tool, a tool that can be used for GREAT manipulation.

Thanks again Marc S, :)

Edit
Mmmmmm, reading the post below, have I spoken too soon?

Thanks Gomez.....

Well, it's not the connection to your house that we're talking about. It's the connection that lies just outside of the big corporate servers of Google, Yahoo and others where you use services most people use. So if you use Gmail, your e-mail is sent from your computer to the Gmail server somewhere. In fact, thousands of e-mails are sent from a wide web around Gmail's servers, because it all condenses right at the server the data needs to go to.

Since everything funnels down to that Gmail server, they can tap the flow of information into it from all users. They do it at a router point (a hop point where data travels to and from a place) and suck up the data there without needing to tap into the Gmail server itself. At the end and tip of the funnel.

Think of it like a phone call. If you own a business where you get lots of calls, where would you tap into those calls? At each callers house all over the place? No, you tap into the call center. Legally you can't go inside the center itself, so in a gray legal sense - you do it right outside the call center. Where all the calls are going to funnel through right before they make it to the call center.

So it doesn't matter if you yourself have dial up, cable or a fiber optic connection. You aren't tapped directly. That would be the least efficient place since they'd have to tap thousands of places instead of one. Where everyone is essentially calling on the internet. Where the most users go every day. Hotmail, Gmail, Google.com, Yahoo.com.

Here's a graphic showing how to trace the path your data goes before it hits a web site. You can see all the I.P. (router/hop) addresses. So if you traced your house to google.com, you would see all the addresses leading to the Google server. The NSA taps the I.P. just before Google.com. It will have the largest flow of data from all the people querying it. But it won't technically be inside Google's servers, so Google can deny knowledge of it. The government can "legally" do what they want with that stream of data, which is just at a routed point somewhere. It's not the final destination.

http://www.mediacollege.com/internet/troubleshooter/tracerou...

Cheers marc If i get the gist

Cheers marc

If I get the gist of it, the NSA are tapping into the servers of major POPULAR tech giants, or am I wrong? Well, not that I expect you to know the ins and outs of the NSA PRISM project, but the sense I get, from what we know and what you've explained, is that it's the POPULAR tech servers, not inside itself, but close enough to essentially get all the information from a given server, as if the NSA WAS inside and having direct access.

Does anyone else see the obvious flaw? What stops "terrorists" using obscure servers, or setting up their own servers or whatnot? I know one thing: there are multitudes of ways to communicate over the internet, not restricted to the major POPULAR ones. Unless the NSA has somehow gotten direct access to ALL communication, "terrorists" can easily bypass the spying, which begs the question, just WHO are they spying on, and WHY are they only spying on servers where MILLIONS of "law abiding citizens" are communicating?

Thanks for the food for thought, sorry for any grammar errors.

Yes...

That's exactly right. Now, that is according to the video explanation I watched. It seems others disagree - but nobody really knows everything.

I build fiber optic networks for the big guys

and I can tell you that is not how it works. I can't speak for google, but if their layout is anything like the telecoms then I can assure you that there is no hidden room where fibers are secretly routed.

That's not to say that there isn't massive collection and filtering, but I find it a pure fantasy to say that it's happening at the physical layer.

Fiber optics is a wonderful technology; it seriously cuts down on the workload because copper cables are heavy, but we are still talking about a massive amount of optical splitters and fiber cables.

there's just no way...

You install fiber networks

and can say "there's just no way..."?

Fiber optic cable is "routed" quite easily. The only hard part is finding a place to hide the equipment. As an IT guy, I have NEVER said "there's just no way". My job is to find a way, period. I am by no means the "best tech guy" there is, and I can conceive of several ways to do that. The only reason I have ever not done what I was asked was cost. With unlimited funds, ANYTHING is possible.

Your supposition is that the equipment MUST be in Google's or other tel-com companies buildings? That is certainly not true. The stream can be captured and split long before it gets to google or anyone else.

There may not be any equipment in the tel-com's where you work, but their stream is captured nonetheless, before or after it goes through their equipment, with them being none the wiser.

Just open the box and see

yes, no way

If you mean to tap onto a few circuits here and there, then sure. If you are saying that they tap onto every optical circuit, then I say "no way" "na-uh" "nope" "nosireee" :)

I don't think NSA likes to do that much grunt work

Actually, I'm not saying that

they are.

Just open the box and see

fiber optics is simply the

Fiber optics is simply the medium over which the data is transmitted; it is not routed anywhere. However, the data being transmitted can be routed through backbone-level routers which have storage capability.

No physical splicing is needed,

just some tinkering with a ROADM.

“With laws shall our land be built up, but with lawlessness laid waste.”
-Njal Thorgeirsson

Schematics?

http://cryptome.org/klein-decl.htm I'd be interested to hear your thoughts on these.

It looks legit to me

No doubt there was a secure area and those circuits were split, but who they were or what they were doing exactly we will never know. This guy was told NSA, but maybe coworkers were pranking him or they were mistaken and that they were really corporate security. Who knows? We only have his testimony of third party info, and much of it is redacted.

Even so, if this were the case that the NSA was in the closet, they wouldn't and couldn't do this everywhere. It's too labor intensive and messy. You have so many different signals and technologies coming together in a central office, and to say that one single device (an optical splitter) is going to capture all of that is... simply not possible. Every LGX panel would have to have a splitter!

I'm sure that there's very little physical infrastructure to Prism. It has to be done with help from the equipment manufacturers and given access to their software. That's the only way I can see such a broad operation done in plain sight.

The hasbara version use of PRISM - just business

https://nocamels.com/2013/04/big-data-a-little-less-big-than...

Big Data’ A Little Less Big, Thanks To Israel’s SiSense

Analyzing big data without mortgaging your business

SiSense’s secret sauce is its Prism software, a drag-and-drop system that lets users take bits of information (sales numbers, costs, etc.) and formulate complicated queries (number of sales per zip code, neighborhood, and income level, etc.) without requiring programming or database querying. The system can plug into databases of all types (SQL Server, Oracle, MySQL, etc.), run reports and analytics on very large data sets, on local computers, servers, or on-line, export information into reports, manage rights to data by user, customize displays/results, and so on. In short, according to Bendov, SiSense gives that average user the tools to analyze huge reams of data without having to mortgage their businesses to hire a team of database specialists.

And SiSense does its work quickly. At a recent demonstration in Silicon Valley, SiSense demonstrated that its system could zip through a huge 10 terabytes of data (that’s 10,240 gigabytes, or 10,485,760 megabytes) on a single off-the-shelf Dell server in just 10 seconds, and come up with answers to business intelligence problems posed to it. The demonstration, at the Strata Big Data Conference held in Silicon Valley last month, merited SiSense the Audience Choice Award at the event.

Using an ordinary laptop for Big Data crunching

In another demonstration, Prism was able to produce super-fast results using a Dell laptop — a device no “serious” database administrator would even consider using, because it just won’t be up to the task of heavy, memory-intensive analytics. “There’s a lot of hype around Big Data Analytics but even the biggest companies are struggling because of the massive infrastructure, budgets and specialized skills required. Prism levels the Big Data playing field so that businesses of all sizes can get in the game,” said Bendov.

"Give a man a gun, and he could rob a bank. Give a man a bank, and he could rob the world."

thank you

Interesting, and there are more information links at the bottom of the page that were worth the look.

. . . . . . _ . . . _ _ .
. _ . . _ _ . . . . _ _ . . . . . . . _ . . _ . .
. _ . . _ _ . . . . _ _ . . . . . . . _ . . _ . .