While many upcoming technologies promise to protect privacy and keep sensitive information safe in a world that's becoming increasingly connected, the National Security Agency (NSA) has ways of bypassing even the most protected systems in order to have constant access to the inner workings of governments, organizations and even people’s lives.
Dubbed Operation Auroragold, the NSA program has methods of accessing phone records, emails and texts by hacking into cell-phone networks, the Intercept learned exclusively from whistleblower Edward Snowden. The operation may have been established as early as 2010, but there are no indications it has slowed down. Documents provided by Snowden show that through Operation Auroragold the NSA intended to poke holes into cellular communication systems so they can be hacked at will.
The organization has already spied on hundreds of companies and organizations around the world in order to learn about security vulnerabilities within their communication systems that could be used to collect intelligence. The NSA has reportedly acquired correspondence from over 1,200 email accounts through Operation Auroragold, targeting countries like Libya and organizations like the GSM Association.
The NSA supposedly gained internal access to 4G data connections in 2010, years before the technology would become a global standard of communication. The NSA has stated that it does not target “ordinary people,” but observers have said the program could create problems for everyday citizens. Channels opened by the NSA could be accessed by hackers.
“If there are vulnerabilities on those systems known to the NSA that are not being patched on purpose, it’s quite likely they are being misused by completely other kinds of attackers,” Mikko Hypponen, a security expert at Finland-based firm F-Secure, told the Intercept. “When they start to introduce new vulnerabilities, it affects everybody who uses that technology; it makes all of us less secure.”
Many security bugs were discovered in 2014, including the Heartbleed security flaw, in April, and affected a considerable number of business and commercial accounts. The NSA may have known about Heartbleed for at least two years before it was discovered, Bloomberg has previously reported, and may have used the vulnerability to collect intelligence from 66 percent of websites globally.
Though the White House denied the NSA’s involvement in Heartbleed, President Obama also announced in April that the agency would have to report to the government any security flaws it discovers. In December 2013, an NSA review that included the president determined that the NSA didn’t have the right to create vulnerabilities in commercial technologies for the purpose of collecting surveillance.