Home / Software & Gaming / Security / XKeyScore: The NSA tool that can record everything you do online

XKeyScore: The NSA tool that can record everything you do online

We've all heard about PRISM at this point and we're all suitably terrified. Unfortunately, the scares don't stop there, as new documents released today have detailed one of the NSA's tools of the trade. Known as X-Keyscore, the metadata and content analysis tool is able to track down a person's online activity using a variety of different methods and record everything that person does. To make matters even worse, the analyst responsible for the search and data collection, doesn't need a warrant, or much in the way of permission to conduct it.

Described in documents published by the Guardian as capable of covering “nearly everything a typical user does on the internet,” XKeyscore” uses a simple form input, filled in by the NSA analyst, and then set to work, autonomously recording and sifting through information like browsing history, social network messages and emails of individuals around the world.
Image Source: Guardian

These claims back up ones made earlier by document leaker Edward Snowden, who suggested that sitting at his desk, he could “wiretap anyone.” US authorities have denied this, but the training documents released today seem to suggest Snowden was correct.

XKeyscore can also be used, it's said, to track realtime internet activity of monitored individuals. In that instance however, even under FISA law, the NSA operative would need to obtain a warrant to target a person of US citizenship. However, that same rule does not apply to individuals overseas, or of Americans conversing with those who are considered foreign.

The documents then postulate that as many as 300 terrorists have been arrested because of Xkeyscore's thoroughness.

Other aspects of the monitoring software allow for email reading, as long as the address for the account is known.

Xkeyscore isn't perfect however… Image Source: Guardian

Once the form is filled in with a person's email address and justification for the tap, a person's email history is presented – though not all may be entirely accurate.

Social media is also said in the release to be infinitely perusable by NSA operatives. Facebook chats and private messages can be groomed through by analysts using XKeyscore and a piece of companion software known as DNI Presenter. All they need do, is input a person's Facebook user name and data parameters and they're able to skim through what's been said to their heart's content.

If this is true, it would suggest Facebook has been bending the truth when discussing its relationship with the NSA.

On top of that, browsing history isn't safe either, with search terms can be used to check HTTP activity thereby tracking pretty much anything a person under surveillance does online, whether it's search engine searchers, or access to certain websites.

Individual websites can also be a strong tool for American authorities, with the NSA able to look at any individual website and determine what IP addresses visit it. In one given example, an extremist web forum was suggested as a possible target.

In total, it's said that the NSA could store as many as 1.7 billion emails, phone calls and other types of communication on American citizens, every single day. However, these are said to be collateral damage as part of surveillance of foreign individuals who have been in contact with US citizens, or who's details pass through the same nets as those of Americans.

Just think of American citizens as having Hexproof. They can't be targeted, but broad sweeping powers affect them too.

KitGuru Says: Obviously there's some problems here. The broad sweeping powers and the generalising without warrants, that's difficult to stomach. But then again, there's good arguments on both sides. Just look at Jester's breakdown of Snowden and his pal Julian Assange

Where do you guys stand on this? It seems to me that as long as warrants are being signed, then it's somewhat acceptable. It's the rule bending and blanket collection that's a little more difficult to defend. 

Become a Patron!

Check Also

Sony investigating claims of major security breach

This week, a ransomware group claimed to have breached "all of Sony's systems", putting the stolen data up for sale on the dark web. Sony has yet to confirm that an attack has taken place but the company is now investigating.