Wednesday, October 12, 2016

Yahoo’s FISA E-mail Scan

Charlie Savage and Nicole Perlroth (via MacRumors):

A system intended to scan emails for child pornography and spam helped Yahoo satisfy a secret court order requiring it to search for messages containing a computer “signature” tied to the communications of a state-sponsored terrorist organization, several people familiar with the matter said on Wednesday.

Two government officials who spoke on the condition of anonymity said the Justice Department obtained an individualized order from a judge of the Foreign Intelligence Surveillance Court last year. Yahoo was barred from disclosing the matter.

To comply, Yahoo customized an existing scanning system for all incoming email traffic, which also looks for malware, according to one of the officials and to a third person familiar with Yahoo’s response, who also spoke on the condition of anonymity.

David Kravets:

At its most basic level, this newly surfaced tool exposes another US digital surveillance program. It differs from so-called “upstream” spying in which the authorities tap directly into the Internet backbone and scan for certain search terms—a spying program with diminishing returns as more and more data on the Internet has become encrypted. This Yahoo situation is also different from the Prism program, where the authorities acquire customer data from tech companies matching chosen search selectors.

David Sparks:

Yahoo has responded that Reuter’s original reporting of this was “misleading”, But again how would we really know? All of this is done under the veil of secrecy.

Joseph Menn:

The court-ordered search Yahoo conducted, on the other hand, was done by a module attached to the Linux kernel - in other words, it was deeply buried near the core of the email server operating system, far below where mail sorting was handled, according to three former Yahoo employees.

They said that made it hard to detect and also made it hard to figure out what the program was doing.

Lorenzo Franceschi-Bicchierai (via Slashdot):

The spy tool that the US government ordered Yahoo to install on its systems last year at the behest of the NSA or the FBI was a “poorly designed” and “buggy” piece of malware, according to two sources closely familiar with the matter.


Anonymous sources told The Times that the tool was nothing more than a modified version of Yahoo’s existing scanning system, which searches all email for malware, spam and images of child pornography.

But two sources familiar with the matter told Motherboard that this description is wrong, and that the tool was actually more like a “rootkit,” a powerful type of malware that lives deep inside an infected system and gives hackers essentially unfettered access.

Bruce Schneier:

Other companies have been quick to deny that they did the same thing, but I generally don’t believe those carefully worded statements about what they have and haven’t done.

Previously: Yahoo Says Hackers Stole Data on 500 Million Users in 2014.

Comments RSS · Twitter

Leave a Comment