A new WhatsApp security vulnerability has been detailed that allows attackers to gain access to personal messages and files using a malicious video file….
The US’ National Security Agency (NSA) has secretly been infiltrating the communications links that connect Google and Yahoo!’s global data centres.
That’s according to the latest leak sent by former NSA contractor turned whistleblower Edward Snowden.
As reported by the Washington Post, the agency has been using these links to tap into user communications, apparently at will.
The latest leaked documents apparently also reveal that the NSA’s acquisitions directorate sends millions of Google and Yahoo! records every day to data warehouses at its Fort Mead headquarters.
According to the Post, the NSA’s chief tool for exploiting the data links is called MUSCULAR and is operated in conjunction with British intelligence organisation GCHQ.
As the US newspaper points out, it’s interesting that the NSA feels like it needs to use MUSCULAR. It was, after all, revealed to have front door access to Google and Yahoo!’s servers through its PRISM programme back in June.
The news also comes fresh in the wake of US intelligence officials defending the actions they were revealed to have taken over the past few years.
In a statement, Google said that it was “troubled by allegations of the government intercepting traffic between our data centers, and we are not aware of this activity.”
“We have long been concerned about the possibility of this kind of snooping, which is why we continue to extend encryption across more and more Google services and links,” the company said.
At Yahoo, a spokeswoman said: “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
While the line from the tech companies strengthens the defence they’ve always taken of being unwilling partners in the NSA’s operations, it does have potentially negative consequences for them.
While the average user probably won’t be all that concerned about, or even aware of, the consequences of the revelations, trust in the companies’ cloud products could be eroded especially among power and enterprise users. That’s bad news for Google in particular.
That said, it looks like Google is already doing a number of things to try and avoid the attention of US intelligence agencies.
According to the Post, it’s already looking at encrypting the links between its data centres.
That’s just the latest move in what Google vice president for security engineering, Eric Grosse, has called an “arms race” between the internet giant and US intelligence agencies. “We see these government agencies as among the most skilled players in this game,” he said.